This module uses an authenticated PHP object deserialization vulnerability to deploy an agent in Roundcube Webmail that will run with the same privileges as the webapp. The module will use the given credentials to authenticate against Roundcube Webmail in the target. Then, it will generate a payload for agent deployment and abuse the _from parameter defined in the upload.php file to inject it in the $_SESSION variable. This variable will be processed by the unserialize function in the rcube_session class. Finally, the module will proceed to logout from the webapp to trigger the PHP object deserialization vulnerability and deploy the agent.
CVE Link
Exploit Platform
Exploit Type
Product Name