Skip to content

Instantly share code, notes, and snippets.

@tonykuo76
Last active August 28, 2020 04:01
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Embed
What would you like to do?
CyberSolutions CyberMail Pre-Auth Open Redirect

CyberSolutions CyberMail Pre-Auth Open Redirect

Current Description

An Open Redirect vulnerability for all browsers in in CyberMail Ver.6.x and Ver.7.x, which will redirect to a malicious site without authentication. This vulnerability affects many mail system of governments, organizations, companies and universities.

Details

The injection point is ACTION parameter in "/cgi-bin/go".

We execute arbitrary code via ACTION paramemer without authentication.

Description

It could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.

Affected files

http://[Target Domain]/cgi-bin/go

Contributor

  • Tony Kuo (CHT Security)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment