Smartermail 6919 Exploit

Because SmarterMail logs everything (including malformed requests), the attacker injects a C# web shell into the User-Agent header:

by exploiting insecure deserialization of untrusted data in .NET remoting endpoints.

Technical Overview

The attacker sends a POST request to a vulnerable endpoint, such as https://mail.target.com:9998/api/v1/settings/backup/restore or a legacy ASMX web service. Within the request body, they embed serialized .NET objects containing malicious instructions. Because SmarterMail runs on the .NET Framework, insecure BinaryFormatter or JavaScriptSerializer deserialization allows the server to process these objects without proper type validation.
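From the defender's side, the traffic described above leaves recognizable byte patterns. The following is an added example, not code from this page or from SmarterMail: a small request inspector that flags the fixed BinaryFormatter stream header (raw or base64), a JSON "__type" hint, and server-side markup in a User-Agent. The function names and the sample requests are constructed for illustration.

```python
import base64
import re

# First 9 bytes of a BinaryFormatter stream: record type 0, root id 1, header id -1.
BF_HEADER = bytes.fromhex("0001000000ffffffff")
BF_HEADER_B64 = base64.b64encode(BF_HEADER)  # 9 bytes encode to 12 chars, no padding
# JavaScriptSerializer reads a caller-chosen type from a "__type" member
# when a type resolver is configured.
JSON_TYPE_HINT = re.compile(rb'"__type"\s*:')
# ASP.NET server-side markup has no business in a User-Agent string.
UA_SCRIPT = re.compile(r"<%|<script[^>]*runat", re.IGNORECASE)


def inspect_request(method, user_agent, body):
    """Return a list of findings for one captured HTTP request."""
    findings = []
    if UA_SCRIPT.search(user_agent):
        findings.append("server-side markup in User-Agent")
    if method == "POST":
        if BF_HEADER in body or BF_HEADER_B64 in body:
            findings.append("BinaryFormatter stream header in body")
        if JSON_TYPE_HINT.search(body):
            findings.append("JSON __type hint in body")
    return findings


# Constructed sample requests (not taken from a real capture).
RESTORE = "/api/v1/settings/backup/restore"
SAMPLES = [
    ("POST", RESTORE, "Mozilla/5.0", b'{"path": "backup.zip"}'),
    ("POST", RESTORE, "Mozilla/5.0", b"data=" + BF_HEADER_B64 + b"AQAAAAAAAAA"),
    ("POST", RESTORE, "Mozilla/5.0", BF_HEADER + b"\x01\x00\x00\x00"),
    ("POST", RESTORE, "Mozilla/5.0", b'{"__type": "Placeholder.Type, Placeholder"}'),
    ("GET", "/", '<%@ Page Language="C#" %>', b""),
]


def scan(samples):
    """Map sample index -> findings, keeping only requests that triggered."""
    hits = {}
    for i, (method, _path, ua, body) in enumerate(samples):
        found = inspect_request(method, ua, body)
        if found:
            hits[i] = found
    return hits


if __name__ == "__main__":
    for idx, found in scan(SAMPLES).items():
        print(idx, SAMPLES[idx][1], found)
```

These signatures are triage hints for proxy or WAF captures; a match on a restore or legacy web-service endpoint is a reason to inspect the request, not proof of compromise.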