mailsploit


mailsploit

Maarten
Hello,

Is roundcube going to get a patch for mailsploit?

https://www.mailsploit.com/

I tried the demo and it seems that roundcube is vulnerable to this:

https://www.mailsploit.com/index#demo

Incoming mail can be shown as if it were from some domain which it is not
from.
_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users

Re: mailsploit

A.L.E.C
On 12/07/2017 09:45 AM, Maarten wrote:
> Hello,
>
> Is roundcube going to get a patch for mailsploit?
>
> https://www.mailsploit.com/
>
> I tried the demo and it seems that roundcube is vulnerable to this:
>
> https://www.mailsploit.com/index#demo

I tried that two days ago and see no issue. Could you be more specific?

--
Aleksander 'A.L.E.C' Machniak
Kolab Groupware Developer         [http://kolab.org]
Roundcube Webmail Developer   [http://roundcube.net]
----------------------------------------------------
PGP: 19359DC1 # Blog: https://kolabian.wordpress.com

Re: mailsploit

Maarten
My bad, I tested wrong, seems I understood the exploit wrong. I just
realized it's not on the receiving end but on the sending client.
Which payload did you use to test roundcube or how did you test this
in roundcube?


On 2017-12-07 10:07, A.L.E.C wrote:

> On 12/07/2017 09:45 AM, Maarten wrote:
>> Hello,
>>
>> Is roundcube going to get a patch for mailsploit?
>>
>> https://www.mailsploit.com/
>>
>> I tried the demo and it seems that roundcube is vulnerable to this:
>>
>> https://www.mailsploit.com/index#demo
>
> I tried that two days ago and see no issue. Could you be more specific?