Hello,
Is roundcube going to get a patch for mailsploit?
I tried the demo and it seems that roundcube is vulnurable for this:
https://www.mailsploit.com/index#demo
Incoming mail can be shown is if were from some domein which it is not from.
On 12/07/2017 09:45 AM, Maarten wrote:
Hello,
Is roundcube going to get a patch for mailsploit?
I tried the demo and it seems that roundcube is vulnurable for this:
I tried that two days ago and see no issue. Could you be more specific?
My bad, I tested wrong, seems I understood the exploit wrong. I just realized it's not on the receiving end but on the sending client. Which payload did you use to test roundcube or how did you test this in roundcube?
On 2017-12-07 10:07, A.L.E.C wrote:
On 12/07/2017 09:45 AM, Maarten wrote:
Hello,
Is roundcube going to get a patch for mailsploit?
I tried the demo and it seems that roundcube is vulnurable for this:
I tried that two days ago and see no issue. Could you be more specific?