Mhonarc 2.5.x - Mail Header HTML Injection

EDB-ID:

22026




Platform:

Linux

Date:

2002-11-19


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux , the course required to become an Offensive Security Certified Professional (OSCP)

GET CERTIFIED

source: https://www.securityfocus.com/bid/6204/info

A HTML injection vulnerability has been discovered in Mhonarc.

An attacker may exploit this issue by sending a specially constructed email containing malicious HTML code in the header section. When the vulnerable Mhonarc client converts the message to HTML, any malicious HTML code will be executed within the context of the displayed web page.

To: <someone@example.com>
From: <hacker@example.com>
Header<SCRIPT>hello</SCRIPT>def: whatever