A hole in the mail tut.by

    The postal service of the Belarusian portal TUT.by does not have a user authorization check when labeling messages as spam. As a result, an attacker can baffle any user by sending all his letters from the INBOX folder to the Trash folder.

    If you type the following link in the browser mail.tut.by/cgi-bin/go.cgi?address=X&folder=INBOX&server=mail.tut.by&messages=Y, where X is the username and Y is the letter number, then the corresponding letter will be moved to the trash.

    The value of Y can be equal to a specific letter number or several separated by commas.

    Also popular now: