Exploit Basilix Webmail 0.9.7 - Incorrect File Permissions

Exploiter

Хакер
34,599
0
18 Дек 2022
EDB-ID
20538
Проверка EDB
  1. Пройдено
Автор
TAMER SAHIN
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2001-1044
Дата публикации
2001-01-11
Код:
source: https://www.securityfocus.com/bid/2198/info

A vulnerability has been reported in basilix webmail v. 0.9.7b.

Basilix Webmail ships with several configuration files that have the file extensions '.class' and '.inc'. Among other things, these files contain the authentication information for the MySQL database that the product uses.

These files reside in directories accessible via http. If the webserver is not configured to treat .class and .inc files as PHP scripts,they can be retrieved by remote users.

Properly exploited, this information can allow further attacks on the affected host.

http://target/class/mysql.class
http://target/inc/sendmail.inc (settings.inc and etc.)
 
Источник
www.exploit-db.com

Похожие темы