Web Application Security
Smarter Mail All Versions - Privilege Escalation Feb 03 2014 08:06PM
Mark Litchfield (mark securatary com)
This attack will allow a regular SmarterMail user to elevate their
privileges to Domain Administrator.

I tried to contact Smartmail with the usual security email aliases,
apparently they do not have any. I posted to their forum for a contact
and all I got was an email stating check you are running the latest
version then if you like please contact us at sales (at) smartertools (dot) com [email concealed]

I personally do not want to run around here and there on my own time.
Maybe they should consider a more different approach to people trying to
report security issues. A good start would be security (at) smartertools (dot) com [email concealed]

A step by step with the usual screen shots at -

All the best

Mark Litchfield

This list is sponsored by Cenzic
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus