[horde] Horde 3 expand.php exploit?
Jan Schneider
jan at horde.org
Thu Jan 24 17:44:08 UTC 2008
Zitat von Nathan Lager <nathan at accufind.com>:
> We have what appears to be an exploit in our horde 3 install.
>
> It looks like someone has used our webmail application to send out a ton
> of Spam.
>
> Looking through my access logs, I found things like this:
>
> /imp/expand.php?actionID=expand_addresses&field_name=bcc&field_value=som
> ename%4somedomain%2C%20someothername%4someotherdomain
>
> Each entry had about 50 addresses at a time.
>
> I don't know that this in itself is the exploit, but it definitely IS
> the attacker.
>
> At this point I cant be sure if he exploited the application, or
> actually compromised a user's mailbox.
Neither. He simply uses your webmail interface. This is a regular
user, with valid credentials. Where he got them from is a different
question.
Jan.
--
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/
More information about the horde
mailing list