CVE-2015-2349 – SuperWebMailer 5.50.0.01160 XSS (Cross-site Scripting) Web Security Vulnerabilities
Exploit Title: CVE-2015-2349 – SuperWebMailer /defaultnewsletter.php" HTMLForm Parameter XSS Web Security Vulnerabilities
Product: SuperWebMailer
Vendor: SuperWebMailer
Vulnerable Versions: 5.*.0.* 4.*.0.*
Tested Version: 5.*.0.* 4.*.0.*
Advisory Publication: March 11, 2015
Latest Update: May 03, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2015-2349
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification
Author and Creditor: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)
Information Details:
(1) Vendor & Product Description:
Vendor:
SuperWebMailer
Product & Vulnerable Versions:
SuperWebMailer
5.60.0.01190
5.50.0.01160
5.40.0.01145
5.30.0.01123
5.20.0.01113
5.10.0.00982
5.05.0.00970
5.02.0.00965
5.00.0.00962
4.50.0.00930
4.40.0.00917
4.31.0.00914
4.30.0.00907
4.20.0.00892
4.10.0.00875
Vendor URL & Download:
SuperWebMailer can be gained from here,
Product Introduction Overview:
“Super webmail is a web-based PHP Newsletter Software. The web-based PHP Newsletter Software Super webmail is the optimal solution for the implementation of a successful e-mail marketing."
“To use the online PHP Newsletter Script is your own website / server with PHP 4 or newer, MySQL 3.23 or later and the execution of CronJobs required. Once installed, the online newsletter software Super webmail can be served directly in the browser. The PHP Newsletter Tool Super webmail can therefore be used platform-independent all operating systems such as Windows, Linux, Apple Macintosh, with Internet access worldwide. The PHP Newsletter Script allows you to manage your newsletter recipients including registration and deregistration from the newsletter mailing list by double-opt In, Double Opt-Out and automatic bounce management. Send online your personalized newsletter / e-mails in HTML and Text format with embedded images and attachments immediately in the browser or by CronJob script in the background immediately or at a later. With the integrated tracking function to monitor the success of the newsletter mailing, if thereby the openings of the newsletter and clicks on links in the newsletter graphically evaluated and presented. Put the integrated autoresponder to autorun absence messages or the receipt of e-mails to confirm."
“It is now included CKEditor 4.4.7. An upgrade to the latest version is recommended as an in CKEditor 4.4.5 Vulnerability found. Super webmail from immediately contains new chart component for the statistics that do not need a flash and are therefore also represented on Apple devices. For the Newsletter tracking statistics is now an easy print version of the charts available that can be printed or saved with PDF printer driver installed in a PDF file. When viewing the e-mails in the mailing lists of the sender of the email is displayed in a column that sent the e-mail to the mailing list. For form creation for the newsletter subscription / cancellation are now available variant"
(2) Vulnerability Details:
SuperWebMailer web application has a computer security bug problem. It can be exploited by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.
Several other related products 0-day vulnerabilities have been found by some other bug hunter researchers before. SuperWebMailer has patched some of them. FusionVM Vulnerability Management and Compliance provides sources for the latest info-sec news, tools, and advisories. It has published suggestions, advisories, solutions details related to web application vulnerabilities.
(2.1) The programming code flaw occurs at “&HTMLForm" parameter in “defaultnewsletter.php?" page.
Related Work:
http://seclists.org/fulldisclosure/2015/Mar/55
http://www.securityfocus.com/bid/73063
http://lists.openwall.net/full-disclosure/2015/03/07/3
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1819
http://packetstormsecurity.com/files/131288/ECE-Projects-Cross-Site-Scripting.html
http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure&m=142551542201539&w=2
https://cxsecurity.com/issue/WLB-2015030043
http://aibiyi.lofter.com/post/1cc9f4e9_6edf9bf
http://tetraph.tumblr.com/post/118764414962/canghaixiao-cve-2015-2349-superwebmailer
http://canghaixiao.tumblr.com/post/118764381217/cve-2015-2349-superwebmailer-5-50-0-01160-xss
http://essaybeans.lofter.com/post/1cc77d20_6edf28c
https://www.facebook.com/essaybeans/posts/561250300683107
https://twitter.com/essayjeans/status/598021595974602752
https://www.facebook.com/pcwebsecurities/posts/687478118064775
http://tetraph.blog.163.com/blog/static/234603051201541231655569/
https://plus.google.com/112682696109623633489/posts/djqcrDw5dQp
http://essayjeans.blogspot.com/2015/05/cve-2015-2349-superwebmailer-550001160.html
https://mathfas.wordpress.com/2015/05/12/cve-2015-2349-superwebmailer-5-50-0-01160-xss/
http://www.tetraph.com/blog/xss-vulnerability/cve-2015-2349-superwebmailer-5-50-0-01160-xss/
https://vulnerabilitypost.wordpress.com/2015/05/12/cve-2015-2349-superwebmailer-5-50-0-01160-xss/
http://aibiyi.blogspot.com/2015/05/cve-2015-2349-superwebmailer-550001160.html
比翼鳥資訊 - 在天願作比翼鳥 在地願為連理枝 