AtMail Webmail Open Redirect

2020.03.11
tr Lutfu Mert Ceylan (TR) tr
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A
Dork: inurl:/atmail/parse.pl or /mail/parse.pl

[+] Title: AtMail WebMail Open Redirect Vulnerability [+] Date: 2020/03/11 [+] Author: Lutfu Mert Ceylan [+] Vendor Homepage: www.atmail.com [+] Software: Atmail Cloud Hosted Email [+] Tested on: Windows 10 [+] Versions: 4.61 and before [+] Vulnerable Parameter: "redirect" (Get Method) [+] Vulnerable File: /atmail/parse.pl [+} Dork : inurl:/atmail/parse.pl or /mail/parse.pl # Notes: An open redirect is a vulnerability that occurs when an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used for phishing attacks for redirecting users to visit malicious sites without against their will. # PoC: Example Open Redirect Payload: http://localhost/atmail/parse.pl?redirect=https://lutfumertceylan.com.tr


See this note in RAW Version
Vote for this issue:
66%
34%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top