Openfind MAIL2000 Webmail Pre-Auth Open Redirect
===

## Current Description

An Open Redirect vulnerability, exploitable in all browsers, in MAIL2000 through version 6.0 and 7.0 redirects a user to a malicious site without authentication. This vulnerability affects many mail systems of governments, organizations, companies and universities.

## Details

The injection point is the ACTION parameter in "/cgi-bin/go".

### We execute arbitrary code via ACTION parameter without authentication.

#### Description

It could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.

#### Affected files

http://`[Target Domain]`/cgi-bin/go

## Contributor

* Tony Kuo (CHT Security)
* Vtim (CHT Security)
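
A log check for the ACTION parameter issue described under Details, added here as an example and not part of the original advisory or of Openfind's code. It assumes the ACTION value carries the redirect destination as a URL and that the server writes combined-format access logs; the function names, sample lines and host names are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines; IPs and hosts are documentation placeholders.
SAMPLE_LOG = [
    '203.0.113.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/go?ACTION=https%3A%2F%2Flogin.example.net%2F HTTP/1.1" 302 0',
    '203.0.113.11 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/go?ACTION=%2F%2Fcdn.example.org%2Fx HTTP/1.1" 302 0',
    '198.51.100.5 - - [01/Jan/2024:10:01:00 +0000] "GET /cgi-bin/go?ACTION=https%3A%2F%2Fmail.example.com%2Finbox HTTP/1.1" 302 0',
    '198.51.100.6 - - [01/Jan/2024:10:02:00 +0000] "GET /cgi-bin/go?ACTION=inbox HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:03:00 +0000] "GET /index.html?ACTION=https://login.example.net/ HTTP/1.1" 200 512',
]

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def offsite_host(value, own_hosts):
    """Return the host an ACTION value points at if it is not ours, else None."""
    candidate = unquote(value.strip())  # tolerate one extra layer of percent-encoding
    try:
        host = urlsplit(candidate).hostname  # also set for scheme-relative //host/path
    except ValueError:  # malformed authority, e.g. an unbalanced IPv6 bracket
        return None
    if host and host.lower() not in own_hosts:
        return host.lower()
    return None


def flag_redirects(lines, own_hosts):
    """Return (client_ip, external_host) for /cgi-bin/go requests leaving own_hosts."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if target.path != "/cgi-bin/go":
            continue
        for key, values in parse_qs(target.query).items():
            if key.upper() != "ACTION":
                continue
            for value in values:
                host = offsite_host(value, own_hosts)
                if host:
                    hits.append((line.split()[0], host))
    return hits


if __name__ == "__main__":
    for ip, host in flag_redirects(SAMPLE_LOG, {"mail.example.com"}):
        print(f"{ip} requested a redirect to external host {host}")
```

The same `offsite_host` check can back an allowlist rule in a reverse proxy or WAF placed in front of the webmail server.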