Atmail WebAdmin / Webmail Control Panel SQL Root Password Disclosure

2012-07-23T00:00:00
ID PACKETSTORM:114955
Type packetstorm
Reporter Ciph3r
Modified 2012-07-23T00:00:00

Description

                                        
                                            `######################################################################################  
# Vuln Title: Atmail WebAdmin and webmail Control Panel Remote Access SQL Root password Vulnerability  
#  
# Author: FaryadR (a.k.a Ciph3r)  
# tested on : Atmail Email Server 6.20.8  
# Twitter : https://twitter.com/faryadR  
# Mail : Ciph3r.secure@gmail.com  
# Website : http://0c0c0c0c.com  
# Vendor : http://atmail.com  
# Powered by Atmail 6.20.8 - WebAdmin Control Panel   
#  
######################################################################################  
  
[+]Vulnerability :  
  
you can Access All Atmail Webadmin Mail server Configuration and SQL Root Password  
  
  
[+]Poc :  
  
Go to webmail and config Directory and type dbconfig.ini for Access all SQL Configuration  
  
[+]Demo for Test Vuln :  
  
[+]Atmail 6.20.8  
  
http://server/config/dbconfig.ini  
  
`