vendor: MailPost
by:
CVSS: 4 (MEDIUM)
Remote File Enumeration
CWE: 22
Product Name: MailPost
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

TIPS MailPost Remote File Enumeration Vulnerability

The TIPS MailPost application is affected by a remote file enumeration vulnerability. This vulnerability arises due to the application's failure to properly sanitize user requests. An attacker can exploit this vulnerability to gain knowledge of the existence of files outside the Web root directory. By accessing the URL 'http://www.example.com/scripts/mailpost.exe/..%255c..%255c..%255cwinnt/system.ini?*nosend*=&email=test@procheckup.com', an attacker can enumerate the contents of the 'winnt/system.ini' file, which can then be used to facilitate further attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to properly sanitize user requests before processing them. Additionally, access controls should be implemented to restrict unauthorized access to sensitive files.
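
The request shown above hides its traversal behind two layers of percent-encoding: `%255c` decodes to `%5c`, which decodes to `\`. The Python sketch below is an added example of the canonicalize-then-check step, not code from MailPost or the advisory; the function names, the decode bound and the benign sample URLs are assumptions made for illustration.

```python
from urllib.parse import unquote, urlsplit

MAX_DECODE_ROUNDS = 5  # assumption: upper bound on nested encoding layers


def canonicalize(raw_path):
    """Percent-decode until the path stops changing; return (path, rounds)."""
    path, rounds = raw_path, 0
    while rounds < MAX_DECODE_ROUNDS:
        decoded = unquote(path)
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    # Windows accepts '\' as a path separator, so fold it into '/'.
    return path.replace("\\", "/"), rounds


def inspect_request(url):
    """Report the canonical path, encoding depth and traversal segments."""
    path, rounds = canonicalize(urlsplit(url).path)
    segments = [s for s in path.split("/") if s]
    return {
        "canonical": path,
        "decode_rounds": rounds,
        "double_encoded": rounds > 1,  # legitimate clients encode once
        "traversal": ".." in segments,  # exact '..' segment, not 'a..b'
    }


def should_reject(url):
    """Reject before the path ever reaches the filesystem layer."""
    info = inspect_request(url)
    return info["traversal"] or info["double_encoded"]


# Sample requests: the first is the URL from this advisory, the other
# two are constructed benign requests.
SAMPLE_REQUESTS = [
    "http://www.example.com/scripts/mailpost.exe/..%255c..%255c..%255cwinnt/"
    "system.ini?*nosend*=&email=test@procheckup.com",
    "http://www.example.com/scripts/mailpost.exe/form.htm?email=a%40b.example",
    "http://www.example.com/docs/my%20file..txt",
]

if __name__ == "__main__":
    for url in SAMPLE_REQUESTS:
        verdict = "REJECT" if should_reject(url) else "allow"
        print(verdict, inspect_request(url)["canonical"])
```

The same `inspect_request` check can be run over archived web server logs to find past requests that used this encoding.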
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11599/info

TIPS MailPost is affected by a remote file enumeration vulnerability. This issue is due to a failure to properly sanitize user requests.

An attacker may leverage this issue to gain knowledge of the existence of files outside the Web root directory. Information disclosed in this way may facilitate further attacks.

http://www.example.com/scripts/mailpost.exe/..%255c..%255c..%255cwinnt/system.ini?*nosend*=&email=test@procheckup.com