SecurityTracker.com
SecurityTracker
Archives
Category:   Application (E-mail Server)  >   MailBee WebMail
Vendors:   AfterLogic
MailBee WebMail Pro Input Validation Hole Permits Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1018783
SecurityTracker URL:  http://securitytracker.com/id/1018783
CVE Reference:   CVE-2007-5290
Updated:  Apr 1 2008
Original Entry Date:  Oct 9 2007
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Exploit Included:  Yes
Version(s): 3.4 and prior versions
Description:   A vulnerability was reported in MailBee WebMail Pro. A remote user can conduct cross-site scripting attacks.

Several scripts do not properly filter HTML code from user-supplied input before displaying the input. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the MailBee WebMail software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Some demonstration exploit URLs are provided:

http://[target]/[PATH]/login.php?mode=[XSS]

http://[target]/[PATH]/default.asp?mode=advanced_login&mode2=[XSS]

Ivan Sanchez and Maximiliano Soler reported this vulnerability.
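As an added defender-side example (not part of this advisory and not the vendor's code), the following Python check scans Apache-style access-log lines for requests to the two scripts named above whose `mode` / `mode2` parameters carry markup. The sample log lines, IP addresses and the markup heuristic are constructed for the example.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Scripts and parameters the advisory names as reflected without filtering,
# keyed by script name only because the install prefix ([PATH]) varies per site.
WATCHED = {"login.php": {"mode"}, "default.asp": {"mode", "mode2"}}

# Tokens that never belong in a login-mode selector (constructed heuristic).
MARKUP = re.compile(r"[<>]|javascript:|on\w+\s*=", re.IGNORECASE)

# Apache common log format: ip ident user [time] "method url proto" status size
LOG_LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<url>\S+) [^"]*" \d{3}')

# Constructed sample lines: a normal login, two reflected-markup attempts on the
# parameters from the advisory, and a request to a script it does not cover.
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Oct/2007:10:15:01 +0000] "GET /webmail/login.php?mode=advanced HTTP/1.1" 200 5120',
    '203.0.113.9 - - [09/Oct/2007:10:16:42 +0000] "GET /webmail/login.php?mode=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5201',
    '203.0.113.9 - - [09/Oct/2007:10:17:03 +0000] "GET /webmail/default.asp?mode=advanced_login&mode2=%22%3E%3Cscript%3E HTTP/1.1" 200 4890',
    '203.0.113.11 - - [09/Oct/2007:10:18:30 +0000] "GET /webmail/other.php?folder=%3Cb%3E HTTP/1.1" 200 7000',
]


def suspicious_requests(lines):
    """Return (ip, script, parameter, decoded value) for each watched parameter carrying markup."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a recognisable access-log line
        parts = urlsplit(m.group("url"))
        script = parts.path.rsplit("/", 1)[-1].lower()
        watched = WATCHED.get(script)
        if not watched:
            continue
        for name, values in parse_qs(parts.query, keep_blank_values=True).items():
            if name not in watched:
                continue
            for value in values:
                # parse_qs decoded once; decode again so a double-encoded '<' (%253C) is caught too
                decoded = unquote_plus(value)
                if MARKUP.search(decoded):
                    hits.append((m.group("ip"), script, name, decoded))
    return hits


def scan_sample():
    """Run the check over the constructed log above."""
    return suspicious_requests(SAMPLE_LOG)
```

Feed real access logs to `suspicious_requests` line by line; a hit on a 200 response from an unpatched 3.4 install is worth an incident ticket, while the same request against 4.0 is only a probe.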

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the MailBee WebMail software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:   Version 4.0 is not affected.
Vendor URL:  www.afterlogic.com/mailbee/webmail-pro.asp
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Reporting Vulnerable Public Web mail


Reporting Vulnerable Public Software

Technical Details:


+===========================================================================+
+      MailBee WebMail Pro <=3.4 (XSS) Multiple Remote Vulnerabilities      +
+===========================================================================+


Author(s): Ivan Sanchez  & Maximiliano Soler

Product: MailBee WebMail Pro 3.4

Web: http://www.afterlogic.com/

Versions: 3.4 (or less)

Date: 05/10/2007


---------------------------------



Not Vulnerable: 4.0 (or superior)



GOOGLE DORKS:
------------
[+] intitle:"MailBee WebMail"
[+] intext:"Powered by MailBee WebMail"


EXPLOIT:
--------

For example...after the variable "mode2" or "mode"

http://www.[DOMAIN].tld/[PATH]/login.php?mode=[XSS]

http://www.[DOMAIN].tld/[PATH]/default.asp?mode=advanced_login&mode2=[XSS]




NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!
+===========================================================================+
+      MailBee WebMail Pro <=3.4 (XSS) Multiple Remote Vulnerabilities      +
+===========================================================================+





    Ivan Javier Sanchez
  Vulnerability Assessment

     Tel-Fax 011-4276-2399
      Cel-154879059
   www.nullcode.com.ar

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.


Copyright 2021, SecurityGlobal.net LLC