| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Jan 2014 14:57:31 GMT From: sisco.barrera@...il.com To: bugtraq@...urityfocus.com Subject: SPAMINA EMAIL FIREWALL 3.3.1.1 - Directory Traversal - Vulnerability in the web application of Spamina email firewall. Vulnerability Type: Directory Traversal - Original release date: October 3th, 2013 - Last revised: December 9th, 2013 - Discovered by: Sisco Barrera - A2SECURE Products and affected versions: SPAMINA EMAIL FIREWALL 3.3.1.1 (maybe other versions also vulnerable) Vulnerability Discovered by: Sisco Barrera - sisco.barrera@...il.com Company: A2SECURE - Espaņa A2Secure Website: http://www.a2secure.com Vendor Website: http://www.spamina.com Application Website: http://es.spamina.com/es/products.php?pob=CloudEmailFirewall ====================== Background ====================== Spamina is a global leader in offering innovative Cloud-based E-mail & Web security solutions. Our security solutions help organizations to instantly secure and manage their information while maintaining compliance and corporate policies. Spamina solutions include Cloud Email Firewall, Cloud Email Encryption & DLP, Cloud Email Archiving and Cloud Web Security to provide Web traffic filtering. ====================== Vulnerability Details ====================== A directory-traversal attack is based on the premise that web clients are limited to specific directories within the Windows files system. The initial directory access by web clients is known as the root directory on a web server. This root directory typically stores the home page usually known as Default or Index, as well as other HTML documents for the web server. The web server should allow users to access only these specific directories and subdirectories of root. However, a directory- traversal attack permits access to other directories within the file system. The encoded version of / (slash) in ../ directory traversal request (%2E%2E%2F) seems to be now fixed, after our previous alert. Spamina should define access rights to private folders on the web server, implement a special characters filtering, apply patches and hotfixes. ====================== Proof of Concepts ====================== This URLs just show the directory traversal are this: https://xxx.xxx.xxx.xxx/?action=showHome&language=../../../../../../../../../../etc/passwd%00.jpg https://xxx.xxx.xxx.xxx/multiadmin/js/lib/?action=../../../../../../../../../../etc/passwd&language=de https://xxx.xxx.xxx.xxx/index.php?action=userLogin&language=../../../../../../../../../../etc/passwd.jpg ====================== Credits/Author ====================== Sisco Barrera a2secure.com ====================== Disclaimer ====================== All information is provided without warranty. The intent is to provide information to secure infrastructure and/or systems, not to be able to attack or damage. Therefore A2Secure shall not be liable for any direct or indirect damages that might be caused by using this information.
Powered by blists - more mailing lists