Security Information and Review

Collection of security information and review

Posts Tagged 'squirrelmail'

SquirrelMail Cross-Site Request Forgery CSRF Vunerability and Solution

Author : Admin

SquirrelMail is one of the famous webmail package written in pure PHP and support standard e-mail protocol such as IMAP and SMTP protocols. In the SquirrelMain, all pages will render in pure HTML with no JavaScript Script enable required for maximum compatibility in all browsers.

 

In August 12, 2009, a vulnerability was reported at SquirrelMail which can be exploited by an attacker with Cross Site Request Forgery – CSRF technique. Find more information about this technique at Problem and Solution : Cross Site Request Forgery ( XSRF ). … continue reading : SquirrelMail Cross-Site Request Forgery CSRF Vunerability and Solution.

13 August 2009 at 03:48 - Comments