## https://sploitus.com/exploit?id=BD2D3C2C-AE72-579E-B839-BF1812752630
# CVE-2024-42008-9-exploit
The scripts in this repository are made to abuse CVE-2024-42008 and CVE-2024-42009. Both of these CVEs are vulnerabilities found on Roundcube 1.6.7
Read more about these CVEs and how they can be exploited in the following link:
```
https://www.sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/
```
The javascript code reads 20 emails in the victims inbox. So to get the response it is necessary to set up a listener on port 80.
The standard python http server won't work since it only admits GET requests, and in this case the script performs POST requests.
To fix this issue I suggest asking ChatGPT or Deepseek to make a script that admits POST requests.