Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-48104 PoC — SOGo 安全漏洞

Source
https://github.com/E1tex/CVE-2023-48104
Associated Vulnerability
Title:SOGo 安全漏洞 (CVE-2023-48104)
Description:Alinto SOGo before 5.9.1 is vulnerable to HTML Injection.
Description
HTML Injection in Alinto/SOGo Web Client
Readme
# CVE-2023-48104
HTML Injection in Alinto/SOGo Web Client

## Vendor of Product
Alinto

## Vulnerability Type
HTML Injection

## Affected Versions
SOGo Web Mail < 5.9.1

## Attack Vectors
Phishing - In the body of the message, you can inject a malicious form that will send the entered data to the attacker.

## Additional Information
The fix to prevent form tag in mail body has been made -> https://github.com/Alinto/sogo/commit/7481ccf37087c3f456d7e5a844da01d0f8883098

## Discoverer
Spiridonov Ivan/E1tex

## PoC
For demonstration purposes only. PoC Exploit works on SOGo vulnerable clients.
File Snapshot

 [4.0K]  /data/pocs/0e4008d25affb8bea368f7e4873404e2eae909b3
├── [ 11K]  LICENSE
├── [ 596]  README.md
└── [1.8K]  sogopoc.py

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →