SquirrelMail 1.x Email Header HTML Injection Vulnerability

EDB-ID: 24160 CVE: 2004-0520 OSVDB-ID: 6514
Verified: Author: Roman Medina Published: 2004-05-31
Download Exploit: Source Raw Download Vulnerable App: N/A
source: http://www.securityfocus.com/bid/10439/info

SquirrelMail is reported to be prone to an email header HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied email header strings.

An attacker can exploit this issue to gain access to an unsuspecting user's cookie based authentication credentials; disclosure of personal email is possible. Other attacks are also possible. 

Content-Type: application/octet-stream"<script>window.alert(document.cookie)</script>"; name=top_secret.pdf