A Russian habrahabr community member published a post disclosing a zero-day vulnerability in a popular email client roundcube.
It is known that roundcube’s safety is rarely questioned, but the users of hosting providers have recently complained of FTP credentials leak.
After investigating the security incident it was revealed that the data was disclosed after the exploitation of the mail-system. To detect the vulnerability the researchers have carried out partial logging of POST-requests.
It turned out that the attackers attached the script config/db.inc.php and sent it to themselves. After that they recovered a roundcube password from the received file, and through phpmyadmin connected to the database.
Vulnerability description is available here: http://www.naked-security.com/nsa/246104.htm
