Madirish Webmail 2.01 (basedir) RFI/LFI Vulnerability
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Madirish Webmail 2.01 (basedir) RFI/LFI Vulnerability
- From: eidelweiss@xxxxxxxxxxxxxxxxx
- Date: 24 Apr 2010 17:31:37 -0000
Madirish Webmail is prone to multiple vulnerabilities because it fails to
properly sanitize user-supplied input.
An attacker can exploit these vulnerabilities to obtain potentially sensitive
information and execute arbitrary local scripts in the context of the webserver
process. This may allow the attacker to compromise the application and the
computer; other attacks are also possible.
There is a vulnerability in almost every file directory of Madirish Webmail
v2.01.
The vendor fixed the vulnerability in version 2.0 and updated to v2.0.1.
However, the vendor did not fix it completely; they only edited the code to
handle remote file inclusion.
As we can see, the RFI vulnerability is still present, and I now see a possible
LFI there as well.
Attackers can exploit these issues via a browser.
The following example is available:
========================================================================
-=[ P0C RFI ]=-
http://127.0.0.1/Madirish_Webmail/lib/addressbook.php?basedir= [sh3ll inj3ct0r]
-=[ P0C LFI ]=-
http://127.0.0.1/Madirish_Webmail/index.php?basedir= [LFI]%00
etc, etc, etc
========================================================================
Solution: Fix / edit the code, or update to a new version if available. Example:

require_once($basedir."lib/sql.php");    // change into:
require_once("Madirish_Webmail/lib/sql.php");

require_once($basedir."lib/html.php");   // change into:
require_once("Madirish_Webmail/lib/html.php");
=========================| -=[ E0F ]=- |=================================
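
A hardened form of the include pattern from the Solution section, as an added example that is not part of the original advisory or of Madirish Webmail's code: the include base is a fixed application root instead of `$basedir`, and only allowlisted library names are resolved. The helper names `resolve_lib` and `request_sets_basedir` and the temporary demo tree are assumptions for illustration; only `lib/sql.php` and `lib/html.php` come from the post.

```php
<?php
// Added example, not Madirish Webmail code. In a real deployment $root would be
// __DIR__ of the application's entry script; a constructed temp tree is used here.

/** Hypothetical helper: map an allowlisted name to an absolute path under $appRoot/lib. */
function resolve_lib(string $appRoot, string $name): string
{
    static $allowed = ['sql.php', 'html.php'];  // names taken from the post's require_once lines
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException('library not on allowlist');
    }
    $libDir = realpath($appRoot . '/lib');
    $path   = realpath($appRoot . '/lib/' . $name);
    // realpath() resolves symlinks and ".."; the result must still sit inside lib/.
    if ($libDir === false || $path === false
        || strncmp($path, $libDir . DIRECTORY_SEPARATOR, strlen($libDir) + 1) !== 0) {
        throw new RuntimeException('library missing or outside lib/');
    }
    return $path;
}

/** Hypothetical helper: true if any request source tries to supply the include base. */
function request_sets_basedir(array ...$sources): bool
{
    foreach ($sources as $src) {
        if (array_key_exists('basedir', $src)) {
            return true;
        }
    }
    return false;
}

// --- constructed demo tree standing in for the application root ---
$root = sys_get_temp_dir() . '/webmail_demo_' . getmypid();
@mkdir($root . '/lib', 0700, true);
file_put_contents($root . '/lib/sql.php', "<?php // stub\n");
file_put_contents($root . '/lib/html.php', "<?php // stub\n");

if (request_sets_basedir($_GET, $_POST, $_COOKIE)) {
    http_response_code(400);            // reject and log instead of including anything
    error_log('rejected request-supplied basedir');
    exit("basedir is not a request parameter\n");
}
require_once resolve_lib($root, 'sql.php');
require_once resolve_lib($root, 'html.php');

try {                                   // a name off the allowlist never reaches the filesystem
    resolve_lib($root, '../index.php');
} catch (InvalidArgumentException $e) {
    echo 'refused: ', $e->getMessage(), "\n";
}
```

Anchoring the path to `__DIR__` also avoids a dependency that the relative path `"Madirish_Webmail/lib/sql.php"` has on the working directory and `include_path`.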