('binary' encoding is not supported, stored as-is) kebi-Webmail Solution vulnerability (Tested) by secret (e-mail: sale2001at_private ) Summary : Get webmail server's admin competence by remote attack in kebi-Webmail Solution. Platform: Attacker platform : All Operating Systems + Web browser Target platform: All kebi Webmail solution loading server (kebi enterprise version(KEV) ) (kebi Academy verseion (KAV) ) Description: When establish kebi webmail server's basis, there is hidden directory that connect to administrator menu. Here is place that it is not known on outside. There is no competence certification here to be http://target/a/ here justly! Because most systems that a wisdom a administrator a person who quote web here is but uses Kebimail server are exposed without certification, the mailserver user's personal information & E-Mail's contents inspection is available all and access is possible to user's homepage contents if use to homepage spaceassignment function. Almost all administrator functions by simple exploit to get available but, perfect administrator competence to the Webmail Server user account make and can get perfect administrator competence if put exploit to (free e-mail accountapplication possibility) web browser. exploits : http://mail.sample_target.com/a/ If server who is using kebi webmail solution is mail.sample_target.com: Attack is http:// mail.sample_target.com/a/input in web browser url form Solution : Prevent that rob webmail server administrator competence to gouge by externalattacker using web certification (.htaccess,etc....) to http://webmail_server_URL/a/ comment : Use kebi webmail solution in many place (research institute, school, the company, and so on).Read this document and secure, and it wished to become big help also. Vendor site : http://solution.nara.co.kr/ http://www.nara.co.kr ------------------------------------------------------ The writer : secret (e-mail : sale2001at_private ) WOWHACKER Team : http://www.wowhacker.org ------------------------------------------------------
This archive was generated by hypermail 2b30 : Sat Dec 08 2001 - 01:42:50 PST