[horde] Horde 3 expand.php exploit?
Nathan Lager
nathan at accufind.com
Thu Jan 24 17:10:14 UTC 2008
We have what appears to be an exploit in our horde 3 install.
It looks like someone has used our webmail application to send out a ton
of Spam.
Looking through my access logs, I found things like this:
/imp/expand.php?actionID=expand_addresses&field_name=bcc&field_value=som
ename%4somedomain%2C%20someothername%4someotherdomain
Each entry had about 50 addresses at a time.
I don't know that this in itself is the exploit, but it definitely IS
the attacker.
At this point I cant be sure if he exploited the application, or
actually compromised a user's mailbox.
Any help in tracking this down would be much appreciated.
Thanks!
-----------------------------------------
Nathan
Network Administrator
Accu-Find Internet Services
1-888-WEB-3371
More information about the horde
mailing list