Horde Webmail - XSS + CSRF to SQLi, RCE, Stealing Emails < = v5.2.22

May 19, 2019 06:00 pm Cyber Security 591

# Title: Horde Webmail - XSS + CSRF to SQLi, RCE, Stealing Emails # _____________________________________________________________________________________________________ # Reflected XSS to Remote Command Execution, Remote Code Execution and SQL Injection: # http://webmail.victimserver.com/groupware/admin/user.php?user_name=XSS-PAYLOAD-HERE&form=update_f # http://webmailvictimserver.com/groupware/admin/user.php?user_name=XSS-PAYLOAD-HERE&form=remove_f # http://webmail.victimserver.com/groupware/admin/config/diff.php?app=XSS-PAYLOAD-HERE # Attacker can execute commands & PHP codes remotely and inject harmful SQL queries. # Also, attacker can create users too with those reflected XSS vulnerabilities. # Stay Secure with InfinitumIT - infinitumit.com.tr

Support the originator by clicking the read the rest link below.

horde webmail stealing emails
Read The Rest from the original source
cxsecurity.com

Related News

Be in Touch

All Rights Reserved #1 Source for Cyber Security News, Reports and Threat Intelligence
Powered By The Internet!!!!