An open redirect vulnerability exists in MAIL2000 through versions 6.0 and 7.0. It affects all browsers and redirects the user to a malicious site without authentication. This vulnerability affects many mail systems of governments, organizations, companies and universities.
The injection point is the ACTION parameter in "/cgi-bin/go".
It could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.
http://[Target Domain]/cgi-bin/go
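
For defenders, the following added example (not part of the original advisory or of the MAIL2000 code) scans web access logs for requests to "/cgi-bin/go" whose ACTION value resolves to a host other than the mail server. It assumes that the redirect target appears as an absolute or scheme-relative URL in ACTION; the hostname `mail.example.org`, the helper names and the log lines are constructed placeholders.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

ENDPOINT = "/cgi-bin/go"          # path named in the advisory
OWN_HOSTS = {"mail.example.org"}  # assumption: hostnames of your own mail server
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (not real traffic); hosts and values are placeholders.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/go?ACTION=login HTTP/1.1" 200 512
198.51.100.8 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/go?ACTION=https%3A%2F%2Fexample.net%2Fa HTTP/1.1" 302 0
198.51.100.9 - - [01/Jan/2024:10:00:09 +0000] "GET /cgi-bin/go?ACTION=%2F%2Fexample.net HTTP/1.1" 302 0
198.51.100.9 - - [01/Jan/2024:10:00:12 +0000] "GET /cgi-bin/go?ACTION=https%3A%2F%2Fmail.example.org%2F HTTP/1.1" 302 0
198.51.100.9 - - [01/Jan/2024:10:00:15 +0000] "GET /index.html?ACTION=https%3A%2F%2Fexample.net HTTP/1.1" 200 100
"""

def external_host(value, own_hosts=OWN_HOSTS):
    """Return the off-site host a redirect value points at, or None."""
    for _ in range(3):                 # undo nested percent-encoding
        value = unquote(value)
    # Browsers treat "\" like "/" and drop tabs/newlines inside URLs.
    value = re.sub(r"[\t\r\n]", "", value).replace("\\", "/").strip()
    try:
        host = urlsplit(value).hostname
    except ValueError:                 # malformed authority, e.g. broken IPv6 literal
        return None
    host = (host or "").lower()
    return host if host and host not in own_hosts else None

def find_offsite_redirects(log_text, own_hosts=OWN_HOSTS):
    """Return (line_number, host) for ENDPOINT requests whose ACTION leaves the site."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        path, _, query = m.group(1).partition("?")
        if path != ENDPOINT:
            continue
        for key, val in parse_qsl(query, keep_blank_values=True):
            # Parameter name matched case-insensitively (assumption, to be safe).
            host = external_host(val, own_hosts) if key.upper() == "ACTION" else None
            if host:
                hits.append((n, host))
    return hits

if __name__ == "__main__":
    for n, host in find_offsite_redirects(SAMPLE_LOG):
        print(f"line {n}: ACTION points off-site to {host}")
```

Set `OWN_HOSTS` to every hostname the mail server is reachable under before running it against real logs, otherwise legitimate same-site values are reported.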
- Tony Kuo (CHT Security)
- Vtim (CHT Security)