CVE-2002-1131 PoC — SquirrelMail Multiple Script Cross-Site Scripting Vulnerability

Source
Associated Vulnerability
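Title: SquirrelMail Multiple Script Cross-Site Scripting Vulnerability (CVE-2002-1131)
Description: SquirrelMail is a webmail program written in PHP. Multiple scripts in SquirrelMail do not properly filter user-supplied parameters, and remote attackers can exploit these flaws to carry out cross-site scripting attacks. The addressbook.php, options.php, search.php, and help.php scripts in SquirrelMail do not filter HTML or JavaScript code submitted by users. A remote attacker can construct a page containing malicious script code and lure a user into clicking through to it; the script code then executes in the target user's browser, leading to disclosure of cookie-based authentication information. <*Link: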
Description
The Virtual Keyboard plugin for SquirrelMail 1.2.6/1.2.7 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
File Snapshot

id: CVE-2002-1131 info: name: SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting author: dhiyanesh ...