MyMail.txt

2006-06-27T00:00:00
ID PACKETSTORM:47789
Type packetstorm
Reporter Andries Bruinsma
Modified 2006-06-27T00:00:00

Description

                                        
`# Kurdish Security Advisory  
# irc.gigachat.net #kurdhack  
# Discovered by Botan   
# http://scripts.codingclick.com/MyMail/  
  
http://kurdishsecurity.blogspot.com/2006/06/kurdish-security-9-mymail-directory.html  
  
The CodingClick.com MyMail script is used for scripts. It is possible to pass between directories. Examine:  
  
First, the directory traversal vulnerability:  
  
Vulnerable Version = 0.x  
  
http://www.site.com/[MyMail_path]/admin/  
http://www.site.com/[MyMail_path]/admin/list.php?action=add  
http://www.site.com/[MyMail_path]/admin/email.php?action=add or /delete  
http://www.site.com/[MyMail_path]/admin/export.php  
http://www.site.com/[MyMail_path]/admin/archive.php?Action=add or /delete  
  
  
Now the XSS issue:  
  
Vulnerable Version = 1.0 Beta  
  
http://www.site.com/[MyMail_path]/admin/login.php=error=[XSS]  
`