List: bugtraq
Subject: popper_mod 1.2.1 and previous accounts compromise
From: "matthew () ectisp ! net" <matthew () ectisp ! net>
Date: 2002-03-30 13:50:19
description: popper_mod is a free, full featured web based POP3 email client written in PHP. It is an extension of the now abandoned "popper" project. It can be downloaded from http://www.symatec-computer.com/forums/
bug report: popper_mod 1.2.1 relied on administrators using htaccess authentication to protect the administration PHP script. Unfortunately, I have found no administrator yet who has protected their admin script access.
exploit: simply go to http://www.targetdomain.com/mail/admin
Your identity as administrator is not verified in any way, and the complete list of user accounts including the passwords is revealed. You can also delete accounts, manipulate settings, and modify accounts.
fix: popper_mod 1.2.2 and above require the administrator to log in with a username and password. As of this advisory, the latest version is 1.2.3, which can be downloaded from http://www.symatec-computer.com/forums/viewtopic.php?t=14
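The shape of the fix described above, as an added illustration and not popper_mod's own code: the admin script itself establishes an authenticated session before any privileged output, so it no longer depends on an .htaccess file that may never have been deployed. The `ADMIN_USER` / `ADMIN_PASSWORD_HASH` constants and the inline login form are hypothetical.

```php
<?php
// Added example, not popper_mod code. The admin page refuses every request
// until a session has been established through a password check.
session_start();

// Hypothetical: a bcrypt hash of the admin password, generated once with
// password_hash('...', PASSWORD_DEFAULT) and kept outside the web root.
define('ADMIN_USER', 'admin');
define('ADMIN_PASSWORD_HASH', '$2y$10$PLACEHOLDER_HASH_FROM_password_hash');

function admin_is_logged_in(): bool
{
    return isset($_SESSION['admin_ok']) && $_SESSION['admin_ok'] === true;
}

function admin_try_login(string $user, string $pass): bool
{
    // hash_equals / password_verify: no early-exit comparison on secrets.
    if (!hash_equals(ADMIN_USER, $user)) {
        // Still run password_verify so timing does not reveal valid usernames.
        password_verify($pass, ADMIN_PASSWORD_HASH);
        return false;
    }
    if (!password_verify($pass, ADMIN_PASSWORD_HASH)) {
        return false;
    }
    session_regenerate_id(true);   // new session id on privilege change
    $_SESSION['admin_ok'] = true;
    return true;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['user'], $_POST['pass'])) {
    if (!admin_try_login($_POST['user'], $_POST['pass'])) {
        // Failed admin logins are worth a log line for whoever watches the host.
        error_log('popper_mod admin: failed login from ' . $_SERVER['REMOTE_ADDR']);
    }
}

if (!admin_is_logged_in()) {
    // Nothing below this point (account list, settings) is reachable.
    http_response_code(401);
    echo '<form method="post"><input name="user"><input name="pass" type="password">'
       . '<button>Log in</button></form>';
    exit;
}

// --- privileged admin functionality (account list, settings) follows here ---
```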