Uebimiau Webmail 3.2.0-2.0 - Email Disclosure

EDB-ID:

11666

CVE:

N/A




Platform:

PHP

Date:

2010-03-09


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

# Exploit Title: Uebimiau Webmail v3.2.0-2.0 | Email Disclosure
# Date: 09 March 2010
# Author: Z3r0c0re, R4vax
# Software Link: http://www.uebimiau.org/download.php
# Version: 3.2.0-2.0
# Tested on: php
# Code :
*********************************************************
* Uebimiau Webmail Email Disclosure *
*********************************************************
* D0rk:	 *
* "Uebimiau Webmail v3.2.0-2.0"	 *
*********************************************************
* Vuln:	 *
* http://[host]/[path]/inc/database	 *
*********************************************************
* Desc:	 *
* accessing these directores lets you view the users- *
* inboxes and sent emails and any other folders the- *
* user may have.	 *
*********************************************************