CVE-2021-36580
Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server.
Discovered by: Rohit Gautam
Reference: http://icewarp.com
http://mail.ziyan.com
What is Open Redirect?
Open redirect, also known as an open redirector, is a web application vulnerability that allows an attacker to redirect users to arbitrary external URLs. It occurs when a web application redirects users to a target URL specified in an unvalidated or user-controlled parameter.
Bug Description:
An attacker crafts a GET request to the vulnerable endpoint in which the vulnerable parameter points to an attacker-controlled domain. A legitimate user who follows such a link is redirected to that attacker-controlled domain, which is how the open redirect is exploited.
Steps to Reproduce:
1. Go to this Website http://mail.ziyan.com/webmail/basic/?referer=http://example.com&_c=auth&ctz=120&signup_password=&_a%5bsignup%5d=1
2. Note that the value of the referer parameter has been set to http://example.com, an attacker-controlled domain, and the application redirects to it without validation.
3. When the victim clicks the URL, they are redirected to the attacker-controlled domain.
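The root cause described above is a redirect target taken verbatim from the referer parameter. The following is an added example of how such a parameter should be validated before use; it is not IceWarp's code, and the allow-listed host, the default landing path and the function name are assumptions:

```python
"""
Added example (not IceWarp's code): validate a redirect target supplied
in a parameter such as the webmail 'referer' value discussed above.
Assumed policy: only site-relative paths or absolute URLs whose host is on
an explicit allow-list are honoured; everything else falls back to a
fixed landing page instead of being redirected to.
"""
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

# Hosts this deployment may redirect to (assumed values for the example).
ALLOWED_HOSTS = {"mail.ziyan.com"}
DEFAULT_TARGET = "/webmail/"


def safe_redirect_target(referer: Optional[str]) -> str:
    """Return a redirect destination that cannot leave the allowed hosts.

    Values that would send the browser elsewhere (absolute URL to another
    host, scheme-relative '//host', backslash variants, non-http schemes,
    or userinfo such as 'http://mail.ziyan.com@other.example') are replaced
    by DEFAULT_TARGET.
    """
    if not referer:
        return DEFAULT_TARGET
    # Browsers treat backslashes as forward slashes, so normalise first;
    # otherwise '\\other.example' could pass as a relative path.
    candidate = referer.strip().replace("\\", "/")
    try:
        parts = urlsplit(candidate)
    except ValueError:  # e.g. malformed IPv6 literal
        return DEFAULT_TARGET

    if parts.scheme == "" and parts.netloc == "":
        # Relative reference: accept only a path rooted at a single '/'.
        if candidate.startswith("/") and not candidate.startswith("//"):
            return candidate
        return DEFAULT_TARGET

    if parts.scheme not in ("http", "https"):
        return DEFAULT_TARGET
    # urlsplit lower-cases the hostname and separates userinfo and port.
    if parts.hostname not in ALLOWED_HOSTS or parts.username or parts.password:
        return DEFAULT_TARGET
    # Rebuild from the parsed parts so the result is exactly what was checked.
    return urlunsplit(parts)
```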
LinkedIn: https://www.linkedin.com/in/iamrohitg
Thank you
Rohit Gautam.