header-logo
Suggest Exploit
vendor:
Basilix Webmail
by:
SecurityFocus
4.3
CVSS
MEDIUM
Information Disclosure
200
CWE
Product Name: Basilix Webmail
Affected Version From: 0.9.7b
Affected Version To: 0.9.7b
Patch Exists: NO
Related CWE: N/A
CPE: a:basilix:basilix_webmail
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Basilix Webmail v. 0.9.7b Vulnerability

A vulnerability has been reported in basilix webmail v. 0.9.7b. Basilix Webmail ships with several configuration files that have the file extensions '.class' and '.inc'. Among other things, these files contain the authentication information for the MySQL database that the product uses. These files reside in directories accessible via http. If the webserver is not configured to treat .class and .inc files as PHP scripts, they can be retrieved by remote users. Properly exploited, this information can allow further attacks on the affected host.

Mitigation:

Configure the webserver to treat .class and .inc files as PHP scripts.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2198/info

A vulnerability has been reported in basilix webmail v. 0.9.7b.

Basilix Webmail ships with several configuration files that have the file extensions '.class' and '.inc'. Among other things, these files contain the authentication information for the MySQL database that the product uses.

These files reside in directories accessible via http. If the webserver is not configured to treat .class and .inc files as PHP scripts,they can be retrieved by remote users.

Properly exploited, this information can allow further attacks on the affected host.

http://target/class/mysql.class
http://target/inc/sendmail.inc (settings.inc and etc.)

Navigation

Suggest Exploit

Services By CQR