Horde Webmail 5.1 – Open Redirect

Exploit Database
11 阅读

作者： felipe andrian

日期： 2014-04-01
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/32638/

[+] Horde webmail - Open Redirect Vulnerability 
[+] Date: 31/03/2014
[+] Risk: Low
[+] Remote: Yes
[+] Author: Felipe Andrian Peixoto
[+] Vendor Homepage: http://www.horde.org/apps/webmail
[+] Contact: felipe_andrian@hotmail.com
[+] Tested on: Windows 7 and Linux
[+] Vulnerable File: go.php
[+] Dork: inurl:horde/util/go.php?
[+] Version: 5.1 probably other versions too
[+] Exploit : http://host/horde/util/go.php?url=[ Open Redirect Vul ]

Note : An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. 
This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it.
Reference :https://www.owasp.org/index.php/Open_redirect

last Exploits
Horde Webmail 5.1 – Open Redirect的更多信息

RICOH MP C6503 Plus Printer – Cross-Site Scripting：
Dingtian-DT-R002 3.1.276A – Authentication Bypass：
Netvolution 2.5.8 – ‘referer’ Header SQL Injection：
iSocial 1.2.0 – Cross-Site Scripting / Cross-Site Request Forgery：
Online Mobile Recharge Script – SQL Injection：
Andy’s PHP KnowledgeBase 0.95.4 – ‘step5.php’ PHP Remote Code Execution：
SysAid Help Desk Software 14.4.32 b25 – SQL Injection (Metasploit)：
Phpscript-sgh 0.1.0 – Time Based Blind SQL Injection：