CVE-2023-43770 PoC — Roundcube Webmail 跨站脚本漏洞

Source

https://github.com/skyllpro/CVE-2021-44026-PoC

Associated Vulnerability

Title:Roundcube Webmail 跨站脚本漏洞 (CVE-2023-43770)
Description:Roundcube Webmail是一款基于浏览器的开源IMAP客户端，它支持地址薄管理、信息搜索、拼写检查等。 Roundcube Webmail 1.4.14 之前版本、1.5.4 之前版本 1.6.3 之前版本存在安全漏洞，该漏洞源于program/lib/Roundcube/rcube_string_replacer.php中存在安全问题，允许带有精心设计的链接通过文本或纯电子邮件消息进行 XSS。

Description

Bug Chain XSS (CVE-2020-35730 and CVE-2023-43770) to SQLi (CVE-2021-44026)

File Snapshot


 [4.0K]  /data/pocs/c6899db9edf81ce4c9a6ff0b47b5b79cce25ffe3
├── [2.7K]  exploit_chain_xss_sqli.py
└── [4.0K]  static
    └── [1.5K]  x-fetch-sqli.js

1 directory, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!