chtsecurity/Openfind MAIL2000 Webmail Pre-Auth Cross-Site Scripting.md Secret

## Openfind MAIL2000 Webmail Pre-Auth Cross-Site Scripting.md

      
    Raw
  

              Openfind MAIL2000 Webmail Pre-Auth Cross-Site Scripting.md
            
          
    Openfind MAIL2000 Webmail Pre-Auth Cross-Site Scripting

Current Description

The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication.
The code can executed for any user accessing the page. This vulnerability affects many mail system of governments, organizations, companies and universities.
Details

The injection point is ACTION parameter in "/cgi-bin/go".
We execute arbitrary code via ACTION paramemer without authentication.

Description

We can execute arbitrary code without authentication.
Affected files

http://[Target Domain]/cgi-bin/go
Contributor


Tony Kuo (CHT Security)
Vtim (CHT Security)