('binary' encoding is not supported, stored as-is) IMail Web Service User Aliases / Mailing Lists Admin Vulnerability Date : January 1, 2002 Author : Zeeshan Mustafa [securityat_private] Application : IPSwitch IMail Web Service Versions Test : 7.05/7.04/7.03/7.02/7.01/6.x Exploitable : Remote Vendor Status : Notified Impact of vulnerability : Forced control of user aliases and mail lists Overview: IPSwitch IMail Web Service is a popular daemon, web-based popper used by most of the ISPs and hosting companies. A flaw in IPSwitch IMail Web Service Version 7.05 allows an admin of the of a domain hosted on the target machine, To take control over Aliases' and Lists' Administration of any domain hosted on the same machine. Details: There is a flaw in the way IMail Web Service checks correct 'admin' privileged session for some domain to administrate aliases. For any domain it *only* checks if the current user is admin or not, rather than checking if the current user is admin on the current domain? An attacker could list/view/add/edit/delete user aliases and mailing lists. Proof of Concept: Vulnerability 1: ================ Objective: To administrate the user aliases. Example: http://
This archive was generated by hypermail 2b30 : Mon Dec 31 2001 - 15:10:16 PST