Vulnerabilities > CVE-2005-1308 - Unspecified vulnerability in Inter7 Sqwebmail

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
inter7
nessus
exploit available
NVD
Published: 2005-04-15
Updated: 2008-09-05

Summary

SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML.

Vulnerable Configurations

Part Description Count
Application
Inter7
9

Exploit-Db

descriptionSQWebmail 3.x/4.0 HTTP Response Splitting Vulnerability. CVE-2005-1308 . Webapps exploit for php platform
idEDB-ID:25534
last seen2016-02-03
modified2005-04-15
published2005-04-15
reporterZinho
sourcehttps://www.exploit-db.com/download/25534/
titleSQWebmail 3.x/4.0 HTTP Response Splitting Vulnerability

Nessus

NASL familyCGI abuses : XSS
NASL idSQWEBMAIL_HTTP_SPLITTING.NASL
descriptionThe remote host is running a version of SqWebMail that does not properly sanitize user-supplied input through the
last seen2020-06-01
modified2020-06-02
plugin id18372
published2005-05-26
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/18372
titleSqWebMail redirect Parameter CRLF Injected XSS
code
#
# (C) Tenable Network Security, Inc.
#



include("compat.inc");

if (description) {
  script_id(18372);
  script_version("1.21");

  script_cve_id("CVE-2005-1308");
  script_bugtraq_id(13374);

  script_name(english:"SqWebMail redirect Parameter CRLF Injected XSS");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a CGI script that is affected by a
cross-site scripting flaw." );
 script_set_attribute(attribute:"description", value:
"The remote host is running a version of SqWebMail that does not
properly sanitize user-supplied input through the 'redirect'
parameter.  An attacker can exploit this flaw to inject arbitrary HTML
and script code into a user's browser to be executed within the
context of the affected website.  Such attacks could lead to session
cookie and password theft for users who read mail with SqWebMail." );
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2005/Apr/441");
 script_set_attribute(attribute:"solution", value:
"Unknown at this time." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

 script_set_attribute(attribute:"plugin_publication_date", value: "2005/05/26");
 script_set_attribute(attribute:"vuln_publication_date", value: "2005/04/25");
 script_cvs_date("Date: 2018/11/15 20:50:20");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe",value:"cpe:/a:inter7:sqwebmail");
script_end_attributes();

 
  summary["english"] = "Checks for HTTP response splitting vulnerability in SqWebMail";
  script_summary(english:summary["english"]);
 
  script_category(ACT_ATTACK);
  script_family(english:"CGI abuses : XSS");

  script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");

  script_dependencies("http_version.nasl");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:80);

# For each CGI directory...
test_cgi_xss(port: port, dirs: cgi_dirs(), cgi: "/sqwebmail",
 qs: "redirect=%0d%0a%0d%0a"+SCRIPT_NAME,
 # There's a problem if there's a redirect
 pass_re:  '^Refresh: 0; URL="$',
 pass2_re: string("^", SCRIPT_NAME, "$"));

References