ZH2003-10SA (security advisory): Mail System Ver. 0.9 Beta

From: G00db0y (G00db0y@zone-h.org)
Date: Wed Jul 16 2003 - 10:25:44 PDT

    ZH2003-10SA (security advisory): Mail System Ver. 0.9 Beta.
    
    Published: 16/07/2003
    
    Released: 16/07/2003
    
    Name: Mail System Ver. 0.9 Beta
    
    Affected Systems: All versions (?)
    
    Issue: Remote attackers can view all messages (and SQL injection 
    vulnerability)
    
    Author: G00db0y@zone-h.org
    
    Description
    
    ***********
    
    Zone-h Security Team has discovered a serious security flaw in Mail System 
    Ver. 0.9 Beta.
    This is a simple internal mail system, originally developed for an intranet 
    project.
    
    Details
    
    *******
    
    Mail System Ver. 0.9 Beta is a simple internal mail system in ASP. 
    
    It's possible to retrieve all messages from it. 
    
    Anyone can download the database at the following URL:
    
    http://www.example.com/PATH/message.mdb
    
    Moreover, there is a SQL injection vulnerability in the login 
    authentication form.
    
    It's located at:
    
    http://www.example.com/PATH/default.htm
    
    From there it's possible to log in with these strings:
    
    Login name: ' or 'a'='a
    
    Password: ' or 'a'='a
    
    Solution:
    
    *********
    
    The vendor has been contacted, but no patch has been produced yet.
    
    Suggestions:
    
    ************
    
    Protect the message file, rewrite the login procedure. 
    
    G00db0y - www.zone-h.org admin
    
    Original advisory here: http://www.zone-h.org/en/advisories/read/id=2709/
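
The login rewrite suggested above, sketched as an added example (not code from Mail System or from the advisory). The application's real query is not shown in the advisory, so the concatenated "before" form, the `users` table and all column names are assumptions; SQLite stands in for the Access database.

```python
import hashlib
import hmac
import os
import sqlite3

def hash_password(password, salt):
    # Salted PBKDF2 so the stored value is not the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    # Constructed sample data; the plaintext column exists only so the
    # assumed "before" query below has something to compare against.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, "
               "password TEXT, salt BLOB, pwhash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
               ("alice", "s3cret", salt, hash_password("s3cret", salt)))
    return db

def login_concatenated(db, login, password):
    # Assumed "before" shape: form input is pasted into the SQL text, so a
    # quote in the input rewrites the WHERE clause.
    sql = ("SELECT login FROM users WHERE login = '" + login +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, login, password):
    # Rewritten form: input is bound as data and never becomes SQL text.
    row = db.execute("SELECT salt, pwhash FROM users WHERE login = ?",
                     (login,)).fetchone()
    if row is None:
        return False
    salt, pwhash = row
    # Constant-time comparison of the derived hash with the stored one.
    return hmac.compare_digest(hash_password(password, salt), pwhash)

if __name__ == "__main__":
    db = make_db()
    probe = "' or 'a'='a"  # the string quoted in the advisory
    print("concatenated :", login_concatenated(db, probe, probe))
    print("parameterized:", login_parameterized(db, probe, probe))
    print("valid user   :", login_parameterized(db, "alice", "s3cret"))
```

The same binding approach is available in classic ASP through ADO command parameters. Protecting the message file is a separate step: the `.mdb` has to live outside any directory the web server will serve.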
    


