Atmail Webmail Server – Email Body HTML Injection

Exploit Database
18 阅读

作者： Zhao Liang

日期： 2014-01-14
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/39015/

source: https://www.securityfocus.com/bid/64779/info

Atmail Webmail Server is prone to an HTML-injection vulnerability.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.

Atmail 7.1.3 is vulnerable; others versions may also be affected. 

 <iframe width=0 height=0 src="javascript:alert('xss in main body')">

last Exploits
Atmail Webmail Server – Email Body HTML Injection的更多信息

KeystoneJS 4.0.0-beta.5 – CSV Excel Macro Injection：
Redmine SCM Repository 0.9.x/1.0.x – Arbitrary Command Execution (Metasploit)：
Keynect eCommerce – SQL Injection：
Joomla! Component JS Jobs 1.0.5.8 – SQL Injection：
rimbalinux AhadPOS 1.11 – ‘alamatCustomer’ SQL Injection：
phpfm v1.7.9 – Authentication type juggling：
LISTSERV 17 – Insecure Direct Object Reference (IDOR)：
ITGuard-Manager 0.0.0.1 – Remote Code Execution：