Emumail EMU Webmail Multiple Vulnerabilities

Vulnerability ID: 1107782
Vulnerability type: Cross-site scripting
Published: 2004-03-12
Updated: 2005-10-20
CVE ID: CVE-2004-2334
CNNVD-ID: CNNVD-200412-791
Platform: CGI
CVSS score: 4.3
|Vulnerability source
https://www.exploit-db.com/exploits/23810
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-791
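|Vulnerability details
EMU Webmail 5.2.7 contains multiple cross-site scripting (XSS) vulnerabilities. A remote attacker can inject arbitrary web script via (1) a hex-encoded value in the variable parameter of emumail.fcgi, (2) the folder parameter of emumail.fcgi, or JavaScript in (3) the username field or (4) the password field of the login page.
|Exploit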
source: http://www.securityfocus.com/bid/9861/info
 
Multiple vulnerabilities have been identified in the application that may allow an attacker to carry out cross-site scripting attacks and disclose the path to the victim's home directory. The issues are reported to exist in the login script, 'emumail.fcgi' script and the 'init.emu' sample script.
 
EMU Webmail 5.2.7 has been reported to be affected by these issues.

http://www.example.com/webmail/emumail.fcgi?passed=parse&variable=%3Cscript%3Ealert(%22G%22)%3C/script%3E
http://www.example.com/webmail/emumail.fcgi?passed=go_index&folder=<script>alert("G")</script>
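
An added example (not part of the original advisory): a web-server log check for the two emumail.fcgi parameters named above. It percent-decodes `variable` and `folder` repeatedly, so double-encoded input is also seen, and flags values that carry markup characters. The access-log format and the sample lines are constructed assumptions, and the login-page fields are not covered because form bodies do not appear in access logs.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

WATCHED_PARAMS = ("variable", "folder")   # emumail.fcgi parameters from the advisory
MARKUP = re.compile(r'[<>"]')             # characters needed to break out into HTML
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (assumed combined-style access log, documentation IPs).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2004:10:00:01 +0000] "GET /webmail/emumail.fcgi?passed=go_index&folder=INBOX HTTP/1.1" 200 5120',
    '203.0.113.7 - - [12/Mar/2004:10:02:14 +0000] "GET /webmail/emumail.fcgi?passed=parse&variable=%3Cscript%3Ealert(%22G%22)%3C/script%3E HTTP/1.1" 200 1833',
    '203.0.113.7 - - [12/Mar/2004:10:02:40 +0000] "GET /webmail/emumail.fcgi?passed=go_index&folder=%253Cb%253Ex%253C/b%253E HTTP/1.1" 200 1790',
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%253C) is exposed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(url):
    """Return (param, decoded value) pairs on emumail.fcgi that contain markup."""
    parts = urlsplit(url)
    if not parts.path.endswith("/emumail.fcgi"):
        return []
    hits = []
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name in WATCHED_PARAMS:
            for decoded in map(fully_decode, values):
                if MARKUP.search(decoded):
                    hits.append((name, decoded))
    return hits

def scan(log_lines):
    """Return (line number, param, decoded value) for each flagged request."""
    findings = []
    for lineno, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if match:
            findings.extend((lineno, n, v) for n, v in suspicious_params(match.group(1)))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```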
|References

Source: XF
Name: emu-webmail-login-xss(15452)
Link: http://xforce.iss.net/xforce/xfdb/15452
Source: XF
Name: emu-webmail-emumail-xss(15451)
Link: http://xforce.iss.net/xforce/xfdb/15451
Source: www.zone-h.com
Link: http://www.zone-h.com/advisories/read/id=4141
Source: BID
Name: 9861
Link: http://www.securityfocus.com/bid/9861
Source: OSVDB
Name: 4972
Link: http://www.osvdb.org/4972
Source: OSVDB
Name: 4204
Link: http://www.osvdb.org/4204
Source: SECTRACK
Name: 1009397
Link: http://securitytracker.com/id?1009397
Source: SECUNIA
Name: 11110
Link: http://secunia.com/advisories/11110
Source: members.lycos.co.uk
Link: http://members.lycos.co.uk/r34ct/main/emu/emu.txt
