This script exploits a stored XSS vulnerability (CVE-2024-42009) in Roundcube Webmail version 1.6.7. It injects a malicious payload into the webmail system, which, when triggered, exfiltrates email content from the victim’s inbox.# XSS Exploit for Roundcube Webmail 1.6.7 (CVE-2024-42009)
## Description
This script exploits a stored XSS vulnerability (CVE-2024-42009) in Roundcube Webmail version 1.6.7. It injects a malicious payload into the webmail system, which, when triggered, exfiltrates email content from the victim’s inbox.
## Features
- Uses a Python HTTP listener to capture and decode stolen email content.
- Sends an XSS payload via a contact form.
- Extracts and prints the captured email body.
## Usage
1. **Start the listener:**
```bash
python3 exploit.py
```
2. **Configure your attack settings in `exploit.py`**
- Set `TARGET_URL` to the target Roundcube instance.
- Replace `YOUR_IP:4444` with your actual listener IP and port.
3. **Monitor captured email content in real time.**
## Reference
A good reference for understanding the impact of this vulnerability can be found in this blog post:
[Government Emails at Risk: Critical Cross-Site Scripting Vulnerability in Roundcube Webmail](https://www.sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/)
## Disclaimer
This exploit is for educational and authorized penetration testing purposes only. Unauthorized use against systems you do not own or have explicit permission to test is illegal. I am not the person who discovered CVE-2024-42009. This exploit was created using information from various blogs with small help from DeepSeek.
## Requirements
- Python 3.x
- `requests`, `beautifulsoup4` libraries (install with `pip install requests beautifulsoup4`)
## License
This project is for educational use only. Use it responsibly.
[4.0K] /data/pocs/0a95cd60c5391ff6b701172ad86c3644e0e48d10
├── [2.3K] exploit.py
└── [1.6K] README.md
0 directories, 2 files