CVE-2006-5262
Hastymail < 1.5 - Authenticated IMAP Command Injection via CRLF in Mailbox Name
Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-5262. PoCs published by Vicente Aguilera Diaz.
AI-analyzed exploit summary: This exploit demonstrates IMAP/SMTP command injection in Hastymail by injecting arbitrary commands via unsanitized input in the mailbox parameter and SMTP headers. It allows authenticated users to execute commands like CREATE on the IMAP server or send spoofed emails via SMTP.
Description
CRLF injection vulnerability in lib/session.php in Hastymail 1.5 and earlier before 20061008 allows remote authenticated users to send arbitrary IMAP commands via a CRLF sequence in a mailbox name. NOTE: the attack crosses privilege boundaries if the IMAP server configuration prevents a user from establishing a direct IMAP session.
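The defensive counterpart to the flaw described above, as an added example that is not Hastymail's code or the published PoC: a Python sketch that builds exactly one IMAP command line from a user-supplied mailbox name, rejecting CR, LF and NUL and escaping the quoted-string specials. The function names, the tag and the sample inputs are constructed for illustration.

```python
import re

# CR and LF end an IMAP command line and NUL is forbidden by the grammar;
# other control or non-ASCII characters would need modified UTF-7 or a
# literal, which this sketch does not implement, so they are rejected too.
_UNSAFE = re.compile(r"[^\x20-\x7e]")


class UnsafeMailboxName(ValueError):
    """Raised when a mailbox name cannot be sent as a quoted string."""


def quote_mailbox(name: str) -> str:
    """Return name as an IMAP quoted string, or raise UnsafeMailboxName."""
    if not name or _UNSAFE.search(name):
        raise UnsafeMailboxName(repr(name))
    escaped = name.replace("\\", "\\\\").replace('"', '\\"')
    return f'"{escaped}"'


def build_select(tag: str, mailbox: str) -> bytes:
    """Build one SELECT command line for a validated mailbox name."""
    if not re.fullmatch(r"[A-Za-z0-9]+", tag):
        raise ValueError("bad tag")
    return f"{tag} SELECT {quote_mailbox(mailbox)}\r\n".encode("ascii")


def naive_select(tag: str, mailbox: str) -> bytes:
    """The unsafe pattern: user input concatenated into the command as-is."""
    return f'{tag} SELECT "{mailbox}"\r\n'.encode("latin-1")


# Constructed sample inputs (hypothetical, not taken from the advisory).
SAMPLES = ["INBOX", 'Work "2006"', "INBOX\r\nA2 NOOP"]


def demo():
    """For each sample: (command lines the naive form emits, safe bytes or None)."""
    rows = []
    for name in SAMPLES:
        try:
            safe = build_select("A1", name)
        except UnsafeMailboxName:
            safe = None
        rows.append((naive_select("A1", name).count(b"\r\n"), safe))
    return rows


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The third sample shows the difference: the naive builder emits two CRLF-terminated lines from one request, while the checked builder refuses the name before anything reaches the IMAP socket.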