Scribd Logo
Upload

Welcome to Scribd!

  • Authenticated Reflected Cross Site Scripting (XSS) at Gateway

    Uploaded by

    pankaj thakur
    14 views2 pages
    An authenticated cross-site scripting (XSS) vulnerability was found in the 'gateway' parameter of the MDaemon Email Server version 22.0.0 that allows executing arbitrary JavaScript code. The vulnerability occurs because user-supplied input is not properly sanitized before being returned in the response. An attacker could exploit this to hijack user sessions and impersonate users. The researcher provides a proof-of-concept attack string and recommends sanitizing all user input and properly URL encoding untrusted data used in URLs to address the issue.

    Original Description:

    MDAEMON

    Original Title

    Authenticated Reflected Cross Site Scripting (XSS) at gateway

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    An authenticated cross-site scripting (XSS) vulnerability was found in the 'gateway' parameter of the MDaemon Email Server version 22.0.0 that allows executing arbitrary JavaScript code. The vulnerability occurs because user-supplied input is not properly sanitized before being returned in the response. An attacker could exploit this to hijack user sessions and impersonate users. The researcher provides a proof-of-concept attack string and recommends sanitizing all user input and properly URL encoding untrusted data used in URLs to address the issue.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    14 views2 pages

    Authenticated Reflected Cross Site Scripting (XSS) at Gateway

    Uploaded by

    pankaj thakur
    An authenticated cross-site scripting (XSS) vulnerability was found in the 'gateway' parameter of the MDaemon Email Server version 22.0.0 that allows executing arbitrary JavaScript code. The vulnerability occurs because user-supplied input is not properly sanitized before being returned in the response. An attacker could exploit this to hijack user sessions and impersonate users. The researcher provides a proof-of-concept attack string and recommends sanitizing all user input and properly URL encoding untrusted data used in URLs to address the issue.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 2

    MDaemon Email Server (External Penetration Testing)

    Finding GTN-002: Authenticated Reflected Cross Site Scripting (XSS) at ‘gateway’


    Parameter through URL

    Severity: High
    Vendor of the product: MDaemon Technologies
    Product: MDaemon Email Server
    Version: 22.0.0
    Researcher: Pankaj Kumar Thakur (Green Tick Nepal Pvt. Ltd.)

    Details of Vulnerability:
    The payload ’ss%3Csvg/oNLoAd=alert(1)’ was submitted with GET Request method from URL. The HTTP response appears to contain the
    output from the injected payload, indicating that the payload was executed successfully on the server.

    Impact:
    XSS attacks can expose the user's session cookie, allowing the attacker to hijack the user's session and gain access to the user's account,
    which could lead to impersonation of users.

    Evidence:

    http://192.168.1.185:1000/gateway_props.wdm?sid=NPITNVCKZTTUMX&gateway=ss%3Csvg/oNLoAd=alert(1)%3E

    Change sid id ,
    MDaemon Email Server (External Penetration Testing)

    Suggested Remediation:

     Sanitize all the user supplied inputs before executing them. Your application code should never blindly output the result of input
    data received without validation.
     URL encoding must be done before inserting untrusted data into HTML URL parameter values.

    You might also like