支持本站 — 捐款将帮助我们持续运营

目标: 1000 元,已筹: 1000

100.0%
立即捐款

POC详情: 9ea25129cf10ec1c2d25217f28e2acd47cd35235

来源
https://github.com/d0gukank/CVE-2019-1218
关联漏洞
标题:Microsoft Outlook for iOS 输入验证错误漏洞 (CVE-2019-1218)
Description:Microsoft Outlook是美国微软(Microsoft)公司的一套电子邮件应用程序。 Microsoft Outlook for iOS中存在安全漏洞。攻击者可通过向用户发送特制的电子邮件利用该漏洞在受影响的系统上执行跨站脚本攻击,并在当前用户的安全上下文中运行脚本。
Description
Outlook iOS Spoofing Vulnerability
介绍
# CVE-2019-1218 Outlook iOS Spoofing Vulnerability


I discovered XSS in IOS Outlook Mobile Application. A severe vulnerability in Microsoft Outlook for IOS that could allow an attacker to takeover a victim’s device. The security issue could enable a malicious actor to execute a cross-site scripting (XSS) exploit on any IOS smartphone or tablet using the email client. This is due to the way the software parses specifically crafted email messages.

By using the Javascript payloads, It can be modified content on the application.

A spoofing vulnerability exists in the way Microsoft Outlook iOS software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim.

The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user.

The security update addresses the vulnerability by correcting how Outlook for IOS parses specially crafted email messages.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1218




[![poc.gif](https://s5.gifyu.com/images/poc.gif)](https://gifyu.com/image/vcEB)
文件快照

 [4.0K]  /data/pocs/9ea25129cf10ec1c2d25217f28e2acd47cd35235
├── [3.8M]  poc.mp4
└── [1.2K]  README.md

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。