
List:       bugtraq
Subject:    popper_mod 1.2.1 and previous accounts compromise
From:       "matthew () ectisp ! net" <matthew () ectisp ! net>
Date:       2002-03-30 13:50:19

description: popper_mod is a free, full featured web based POP3 email client written in PHP. It is an extension of the now abandoned "popper" project. It can be downloaded from http://www.symatec-computer.com/forums/

bug report: popper_mod 1.2.1 relied on administrators using htaccess authentication to protect the administration PHP script. Unfortunately, I have found no administrator yet who has protected their admin script access.

exploit: simply go to http://www.targetdomain.com/mail/admin
Your identity as administrator is not verified in any way, and the complete list of user accounts including the passwords is revealed. You can also delete accounts, manipulate settings, and modify accounts.

fix: popper_mod 1.2.2 and above require the administrator to log in with a username and password. As of this advisory, the latest version is 1.2.3, which can be downloaded from http://www.symatec-computer.com/forums/viewtopic.php?t=14
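The following is an added example, not popper_mod's own code, showing the shape of the fix the advisory describes: an admin entry point that verifies the administrator itself instead of assuming a web-server .htaccess rule is in place. The path of the hash file, the load_accounts() helper and the sample account names are constructed for this illustration and are not from popper_mod.

```php
<?php
// Added example (not popper_mod's code): the admin script checks for an
// authenticated session on every request, so a deployment that forgot to
// configure .htaccess is still not left open.
// Assumptions (hypothetical): the admin password hash lives in a file outside
// the document root, and load_accounts() stands in for the real account store.

declare(strict_types=1);

const ADMIN_USER      = 'admin';
const ADMIN_HASH_FILE = '/var/lib/popper_mod/admin.hash'; // assumed path, outside DocumentRoot

// Harden the session cookie before starting the session.
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Strict']);
session_start();

/** Constructed sample data in place of the real user store. */
function load_accounts(): array
{
    return [['name' => 'alice'], ['name' => 'bob']];
}

/** True only when this session was established by a successful admin login. */
function is_admin_authenticated(): bool
{
    return ($_SESSION['admin_ok'] ?? false) === true
        && ($_SESSION['admin_user'] ?? '') === ADMIN_USER;
}

/** Checks submitted credentials against the stored hash; returns true on success. */
function admin_login(string $user, string $password): bool
{
    if (!is_readable(ADMIN_HASH_FILE)) {
        return false; // a missing hash file means no admin access, never open access
    }
    $hash = trim((string) file_get_contents(ADMIN_HASH_FILE));

    // hash_equals avoids a timing side channel on the username; password_verify
    // is already constant-time and returns false for a malformed hash.
    $userOk = hash_equals(ADMIN_USER, $user);
    $passOk = password_verify($password, $hash);
    if (!$userOk || !$passOk) {
        return false;
    }

    session_regenerate_id(true); // new session id on privilege change (anti-fixation)
    $_SESSION['admin_ok']   = true;
    $_SESSION['admin_user'] = ADMIN_USER;
    return true;
}

function render_login_form(string $message = ''): void
{
    echo '<form method="post">';
    if ($message !== '') {
        echo '<p>' . htmlspecialchars($message, ENT_QUOTES, 'UTF-8') . '</p>';
    }
    echo 'User: <input name="user"> Password: <input type="password" name="password"> ';
    echo '<button type="submit">Log in</button></form>';
}

if (!is_admin_authenticated()) {
    $isPost = ($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST';
    if ($isPost && admin_login((string) ($_POST['user'] ?? ''), (string) ($_POST['password'] ?? ''))) {
        header('Location: ' . ($_SERVER['REQUEST_URI'] ?? '/mail/admin'));
        exit;
    }
    http_response_code(401);
    render_login_form($isPost ? 'Login failed.' : '');
    exit; // nothing below runs without a verified admin session
}

// Only a verified administrator reaches this point. Account names are listed;
// stored passwords are never echoed back, even to the administrator.
foreach (load_accounts() as $account) {
    echo htmlspecialchars($account['name'], ENT_QUOTES, 'UTF-8') . "<br>\n";
}
```

The hash file is created once, outside the web root, with something like `php -r 'echo password_hash("your-admin-password", PASSWORD_DEFAULT);' > /var/lib/popper_mod/admin.hash`. Keeping the check inside the script is the point: it does not depend on whoever deployed the application having also written the .htaccess rule, which is exactly the gap the advisory reports.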
