
SmarterMail 7.1.3876 Directory Traversal

21 Sep 2010 | Reported by sqlhacker | Type: packetstorm | Source: packetstormsecurity.com

SmarterMail 7.1.3876 Directory Traversal vulnerability with OS Command Injection

Code
` Vendor: smartertools.com SmarterMail 7.x (7.1.3876) | Bug : Directory  
Traversal, OS Command Injection, Other Critical Vulns  
########################################################################  
  
# Vendor: smartertools.com SmarterMail 7.x (7.1.3876)  
# Date: 2010-09-12  
# Author : sqlhacker – http://cloudscan.me  
# Thanks to : Burp Suite Pro - engagement tool  
# : FuzzDB  
# Contact : [email protected]  
# Home : http://cloudscan.me  
# Dork : insite: SmarterMail Enterprise 7.1  
# Bug : Directory Traversal, OS Command Injection, Other Critical Vulns  
# Tested on : SmarterMail 7.x (7.1.3876) // Windows 2008 /64/R2  
# Vendor Contact - August 14, 2010  
# -Multiple email exchanges with Vendor thru Labor Day 2010  
# - Vendor took no action 9/1/2010  
# - Public Disclosure with Workaround Solution Provided 9-4-2010  
########################################################################  
Source URL  
http://cloudscan.blogspot.com/2010/09/smarter-stats-533819-file-fuzzing.html  
  
The default installation of SmarterMail is vulnerable to 1 (or more) of the  
file fuzzing types contained within FuzzDB and Burp Suite Pro 1.3.08 as a  
baseline analysis for exploit surface modeling.  
  
Reduced to exploits: Directory Traversal, OS Injection and Execution.  
The initial exploit requires user-level privileges.  
  
A malicious user seeking to exploit Browser Clients can launch attacks from  
the User Home / Public Web Directory utilizing the SSL Certificate of the  
Host Provider.  
A malicious user seeking to exploit the Host Server can launch attacks as  
Local File Inclusion or Remote File Inclusion and perform Operating System  
Injections and Execution.  
A malicious user can read and write directories and files, and perform malicious  
operations, due to the default configuration of SmarterMail.  
  
  
This is reduced to: GET {Vulnerable SmarterMail  
Site}/path/*payload*relative/path/to/target/file/  
..%255c  
.%5c../..%5c  
/..%c0%9v../  
/..%c0%af../  
/..%255c..%255c  
../../../../../../win.ini  
../../../../../../SmarterMail/ExploitShells  
../../../../../../SmarterMail/{Domain}/{(l)uzername)/PubPayloadDir/logo_25.jpg%../%../somewhere  
to read/write  
A workaround is posted in the Source URL  
http://cloudscan.blogspot.com/2010/09/smarter-stats-533819-file-fuzzing.html  
  
`
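
The encoded patterns listed in the advisory (double-encoded `%255c`, overlong `%c0%af`, malformed `%9v`) get past filters that decode once and then look for `../`. As an added example (not part of the original advisory and not SmarterMail code), this Python check decodes a request path until it is stable and reports why it should be rejected; the function name `inspect_path`, the reason labels and the benign sample path are assumptions.

```python
import re
from urllib.parse import unquote_to_bytes

# 0xC0/0xC1 never occur in valid UTF-8; they start overlong encodings
# (e.g. C0 AF for "/") that lenient decoders map back to ASCII.
OVERLONG = re.compile(rb"[\xc0\xc1][\x80-\xbf]?")
# A "%" that is not followed by two hex digits (e.g. %9v, %..).
MALFORMED = re.compile(rb"%(?![0-9A-Fa-f]{2})")

# Patterns quoted from the advisory, plus one constructed benign path.
ADVISORY_PATTERNS = [
    "..%255c", ".%5c../..%5c", "/..%c0%9v../", "/..%c0%af../",
    "/..%255c..%255c", "../../../../../../win.ini",
]
BENIGN_PATH = "/mail/inbox/caf%C3%A9.aspx"  # constructed sample

def inspect_path(raw_path, max_rounds=5):
    """Return the reasons a request path should be rejected ([] if none)."""
    data = raw_path.encode("utf-8")
    reasons = []
    if MALFORMED.search(data):
        reasons.append("malformed-escape")
    rounds = 0
    while rounds < max_rounds:           # decode until nothing changes
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data, rounds = decoded, rounds + 1
    if rounds > 1:                       # %255c -> %5c -> "\"
        reasons.append("multi-encoded")
    if OVERLONG.search(data):
        reasons.append("overlong-utf8")
        data = OVERLONG.sub(b"/", data)  # worst case: treat as a separator
    # Windows accepts "\" as a path separator, so fold it before splitting.
    segments = data.replace(b"\\", b"/").split(b"/")
    if b".." in segments:
        reasons.append("traversal")
    return reasons

if __name__ == "__main__":
    for p in ADVISORY_PATTERNS + [BENIGN_PATH]:
        print(f"{p!r:32} -> {inspect_path(p) or 'ok'}")
```

A check like this belongs before any file-system call; the resolved path should still be confirmed to sit under the intended base directory.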
