Exploit for SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting (CVE-2002-1131)

Description:

The Virtual Keyboard plugin for SquirrelMail 1.2.6/1.2.7 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

Proof of Concept

PoC exploit

Nuclei Template

View the template here CVE-2002-1131.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2002/CVE-2002-1131.yaml

References:

http://www.redhat.com/support/errata/RHSA-2002-204.html
https://www.exploit-db.com/exploits/21811
https://nvd.nist.gov/vuln/detail/CVE-2002-1131
http://www.debian.org/security/2002/dsa-191
http://sourceforge.net/project/shownotes.php?group_id=311&release_id=110774