Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

kebi-webmail_vul.txt

🗓️ 09 Dec 2001 00:00:00Reported by secretType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 33 Views

Kebi-Webmail Solution allows remote admin access without certification, risking user data exposure.

Code
`kebi-Webmail Solution vulnerability (Tested)  
by secret (e-mail: [email protected] )  
  
  
Summary :   
Get webmail server's admin competence by remote attack in kebi-Webmail Solution.  
  
  
Platform:  
Attacker platform :   
All Operating Systems + Web browser  
  
  
Target platform:  
All kebi Webmail solution loading server  
(kebi enterprise version(KEV) )  
(kebi Academy verseion (KAV) )  
  
  
Description:  
When establish kebi webmail server's basis, there is hidden directory that connect to administrator menu.  
Here is place that it is not known on outside.  
There is no competence certification here to be   
http://target/a/ here justly!  
Because most systems that a wisdom a administrator a person who quote web here is but uses Kebimail server are exposed without certification, the mailserver user's personal information & E-Mail's contents inspection is available all and access is possible to user's homepage contents if use to homepage spaceassignment function.  
Almost all administrator functions by simple exploit to get available but, perfect administrator competence to the Webmail Server user account make and can get perfect administrator competence if put exploit to (free e-mail accountapplication possibility) web browser.  
  
  
exploits : http://mail.sample_target.com/a/  
  
If server who is using kebi webmail solution is mail.sample_target.com:  
Attack is http:// mail.sample_target.com/a/input in web browser url form  
  
  
Solution :   
Prevent that rob webmail server administrator competence to gouge by externalattacker using web certification (.htaccess,etc....) to   
http://webmail_server_URL/a/  
  
  
comment :   
Use kebi webmail solution in many place (research institute, school, the company, and so on).Read this document and secure, and it wished to become big help also.  
  
  
Vendor site :   
http://solution.nara.co.kr/  
http://www.nara.co.kr  
  
  
  
------------------------------------------------------  
The writer : secret (e-mail : [email protected] )  
WOWHACKER Team : http://www.wowhacker.org  
------------------------------------------------------`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
09 Dec 2001 00:00Current
7.4High risk
Vulners AI Score7.4
kebi webmail vulnerabilityremote attack riskadmin access exposureuser data securityexploitation method
33