https://www.exploit-db.com/exploits/25534
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200504-067

SqWebMail是使用Maildir邮箱发送和接收邮件的webCGI客户端。SqWebMail使得远程攻击者可以通过在一个重定向参数内的CRLF序列并跟着一个所期望的脚本或HTML来注入任意web脚本或HTML。

source: http://www.securityfocus.com/bid/13374/info

SQWebmail is prone to a HTTP response splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

A remote attacker may exploit this vulnerability to influence or misrepresent how Web content is served, cached or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust. 

sqwebmail?redirect=%0d%0a%0d%0a[INJECT SCRIPT]

来源:BID
名称:13374
链接:http://www.securityfocus.com/bid/13374
来源:SECUNIA
名称:15119
链接:http://secunia.com/advisories/15119