CVE-2021-36580

Rohit Gautam
Jul 17, 2023

An Open Redirect vulnerability exists in IceWarp MailServer (IceWarp Server).

Discovered by: Rohit Gautam

Reference: https://icewarp.com
http://mail.ziyan.com

What is Open Redirect?

Open redirect, also known as an open redirector, is a web application vulnerability that allows an attacker to redirect users to arbitrary external URLs. It occurs when a web application redirects users to a target URL specified in an unvalidated or user-controlled parameter.

Bug Description:

An attacker crafts a GET request to the vulnerable endpoint in which the vulnerable parameter points to an attacker-controlled domain. A legitimate user who follows that link is then redirected to the attacker-controlled domain, which is how the open redirect vulnerability is exploited.

Steps to Reproduce:

1. Go to this Website http://mail.ziyan.com/webmail/basic/?referer=http://example.com&_c=auth&ctz=120&signup_password=&_a%5bsignup%5d=1

2. Notice that the value of the referer parameter has been set to http://example.com; the application redirects to that value, which in a real attack would be an attacker-controlled domain.

3. When the victim clicks on the URL, they are redirected to the attacker-controlled domain.
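Added example, not code from the advisory or from IceWarp: a redirect validator of the kind that would neutralise the referer parameter above, accepting only same-site paths or absolute URLs on an allowlisted host and falling back to a fixed landing page otherwise. The allowed host mail.ziyan.com, the fallback path and the helper names are assumptions for illustration.

```python
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed for this example: hosts this deployment may redirect to,
# and the page to land on when the supplied target is not acceptable.
ALLOWED_HOSTS = {"mail.ziyan.com"}
DEFAULT_LANDING = "/webmail/basic/"


def safe_redirect_target(referer: Optional[str]) -> str:
    """Return a redirect target that cannot leave the allowed hosts.

    Every branch that returns DEFAULT_LANDING is a value an unvalidated
    'referer' parameter would otherwise have been followed to blindly.
    """
    if not referer:
        return DEFAULT_LANDING
    target = referer.strip()
    # CR/LF/NUL in a Location value invite header injection; tabs can
    # make a browser parse a scheme the server-side parser did not see.
    if any(c in target for c in "\r\n\t\x00"):
        return DEFAULT_LANDING
    # Browsers treat backslashes as slashes, so "/\example.com" means
    # "//example.com", a protocol-relative URL to another host.
    target = target.replace("\\", "/")
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. malformed IPv6 brackets
        return DEFAULT_LANDING
    if parts.scheme or parts.netloc:
        # Absolute, protocol-relative or "http:/host" forms: only http(s)
        # to an allowlisted hostname survives. urlsplit().hostname drops any
        # "user@" prefix, so "http://mail.ziyan.com@example.com" is rejected.
        if parts.scheme not in ("", "http", "https"):
            return DEFAULT_LANDING
        if (parts.hostname or "").lower() not in ALLOWED_HOSTS:
            return DEFAULT_LANDING
        return target
    # Relative target: a single leading "/" keeps it on the current origin.
    if not target.startswith("/") or target.startswith("//"):
        return DEFAULT_LANDING
    return target


def referer_from_query(query_string: str) -> Optional[str]:
    """Extract the (already percent-decoded) referer value from a raw query string."""
    return parse_qs(query_string).get("referer", [None])[0]
```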

LinkedIn: https://www.linkedin.com/in/iamrohitg

Thank you
Rohit Gautam.
