CVE-2005-3128 PoC — Squirrelmail Address Add Plugin 'add.php'跨站漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2005/CVE-2005-3128.yaml

Associated Vulnerability

Title:Squirrelmail Address Add Plugin 'add.php'跨站漏洞 (CVE-2005-3128)
Description:SquirrelMail是一款由PHP4语言编写，基于标准的webmail软件包。 Squirrelmail Address Add Plugin 中的add.php存在XSS漏洞，攻击者通过IMG 标签可以插入任意的脚本或者HTML文件。

Description

SquirrelMail Address Add 1.4.2 plugin contains a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input, thus allowing an attacker to execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

File Snapshot


 id: CVE-2005-3128

info:
  name: SquirrelMail Address Add 1.4.2 - Cross-Site Scripting
  author: dhi

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!