
FormMail exploitation


cyber.spirit

Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Sun Aug 26, 2012 9:53 am

FormMail exploitation

Hi guys,
I want to do a pentest for my friend's website, and during the Nikto scan I found this message:
FormMail could allow remote code execution for the attacker.

I did a lot of searching to find out how to exploit it, but I couldn't find anything useful.
However, I hacked the FTP service with an awesome exploit, but I want to patch this vulnerability too. But first give me a good exploit if you have one, then I'll find the patch.
Thank you
ICS Academy Network Security Certified

cyber.spirit

Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Sun Aug 26, 2012 2:05 pm

Re: FormMail exploitation

I forgot to ask: is FormMail a famous mail server app? If it is, why couldn't I find an exploit?
ICS Academy Network Security Certified

Triban

Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Sun Aug 26, 2012 4:44 pm

Re: FormMail exploitation

Check this out: http://www.exploit-db.com/exploits/8950/ Basically, it makes it easier to create form-to-email type sites. One of the issues with this is that it gives a possible method of spamming the recipients of those form messages, as well as allowing someone to toss code such as SQLi into the forms. And it is PHP based, which has a slew of other security issues to worry about.
Certs: GCWN
(@)Dewser

MaXe

Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Sun Aug 26, 2012 9:51 pm

Re: FormMail exploitation

The exploit seems legit as it's from USH as well, but from a very quick look it's an XSS exploit that seems to need user interaction.
I'm an InterN0T'er

cyber.spirit

Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Mon Aug 27, 2012 3:02 pm

Re: FormMail exploitation

I don't know how to use it because it's XSS. Can anyone help me? And MaXe, if what you mean by user interaction is that they can trace and find me, it's OK, because as I said this site is for my friend and all of them know what I'm doing. Can anybody help me to run the exploit?
ICS Academy Network Security Certified

cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Mon Aug 27, 2012 11:39 pm

Re: FormMail exploitation

http://lmgtfy.com/?q=How+does+xss+work

Please, just try a LITTLE harder.
