RoundCube 0.3.1 XRF/SQL injection

ID: SSV:72209
Type: seebug
Reporter: Root
Modified: 2014-07-01T00:00:00


No description provided by source.

# Exploit Title: RoundCube 0.3.1 SQL injection
# Date: 10/10/2011
# Author: Smith Falcon
# Software Link:
# Version: 0.3.1
# Tested on: Linux

RoundCube 0.3.1 is vulnerable to SQL union injection.

"POST" data in


XRF vulnerable [ POC ]

POST variable

Changing the POST variable _action=login to "_action=anything" shows that the site is
vulnerable to XRF attacks. When you replay the request with Live HTTP Headers, you
see a logged-in URL, which shows that RoundCube 0.3.1 is vulnerable to XRF
attacks. Successful tampering will lead to compromise of the username.


Credits - iqZer0