关联漏洞
标题:
Axigen 跨站脚本漏洞
(CVE-2023-40355)
描述:Axigen是Axigen公司的一个具有群件和协作功能的邮件服务器。 Axigen存在跨站脚本漏洞。攻击者利用该漏洞执行任意代码并获取敏感信息。以下版本受到影响:10.3.3.0版本至10.3.3.59之前版本、10.4.0版本至10.4.19之前版本、10.5.0版本至10.5.5之前版本。
描述
CVE-2023-40355 checker
介绍
# 🚨 CVE-2023-40355 Checker
Welcome to the **CVE-2023-40355 Checker**! This Python script is designed to test for the CVE-2023-40355 vulnerability in web applications.
## 📋 Description
Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions.
## 📋 Features
- **Domain Testing**: Check multiple domains listed in a `domain.txt` file for the presence of the `alert(document.cookie)` vulnerability.
- **Colorful Output**: Uses the `colorama` library to provide colored output for better visibility.
## ⚙️ Requirements
- Python 3.x
- `requests` library (install via `pip install requests`)
- `colorama` library (install via `pip install colorama`)
## 📥 Installation
1. Clone the repository:
```bash
git clone https://github.com/ace-83/cve-2023-40355.git
cd cve-2023-40355
for more information about this cve you can read :
- https://medium.com/@amir_h_fallahi/axigen-webmail-0-day-stealing-user-emails-through-xss-728de6782e85
- https://nvd.nist.gov/vuln/detail/CVE-2023-40355
文件快照
[4.0K] /data/pocs/71ad5887297772894c8b297492154aa16b8945e2
├── [1.0K] CVE-2023-40355.py
└── [1.2K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。