
A hole in TUT.by mail

The mail service of the Belarusian portal TUT.by does not check the user's authorization when messages are marked as spam. As a result, an attacker can target any user and send all of that user's messages from the INBOX folder to the Trash folder.

If you open a link of the following form in a browser: mail.tut.by/cgi-bin/go.cgi?address=X&folder=INBOX&server=mail.tut.by&messages=Y , where X is the username and Y is the message number, the corresponding message is moved to the trash.

The value of Y can be a single message number or several numbers separated by commas.
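
The missing check, sketched as an added example (not TUT.by's code and not part of the original post): a handler that takes the same parameters but moves messages only when the authenticated session owns the mailbox named in address. The in-memory store, the session_user argument and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

class Forbidden(Exception):
    """The session is not allowed to act on the requested mailbox."""

def new_store():
    # Constructed sample data: {user: {folder: set of message numbers}}
    return {"alice": {"INBOX": {1, 2, 3}, "Trash": set()},
            "bob": {"INBOX": {7, 8}, "Trash": set()}}

def parse_move_request(url):
    """Return (address, folder, [message numbers]) from the query string."""
    q = parse_qs(urlsplit(url).query)
    address = q.get("address", [""])[0]
    folder = q.get("folder", [""])[0]
    raw = q.get("messages", [""])[0]
    # messages is one number or several separated by commas, nothing else.
    if not address or not folder or not re.fullmatch(r"[0-9]+(?:,[0-9]+)*", raw):
        raise ValueError("malformed request")
    return address, folder, [int(n) for n in raw.split(",")]

def move_to_trash(store, session_user, url):
    """Move the listed messages to Trash; return the numbers actually moved."""
    address, folder, messages = parse_move_request(url)
    # The check the post reports as missing: the mailbox named in the URL
    # must be the one the authenticated session belongs to.
    if session_user is None or session_user != address:
        raise Forbidden("session may not modify mailbox %r" % address)
    box = store.get(address, {})
    if folder not in box:
        raise ValueError("unknown folder")
    moved = [n for n in messages if n in box[folder]]
    box[folder].difference_update(moved)
    box["Trash"].update(moved)
    return moved
```

The identity comes from the server-side session, never from the address parameter, so a request naming another user's mailbox is rejected before any message is touched.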


Source: https://habr.com/ru/post/14124/

