1st Class mail server 4.01 suffers from a directory traversal and cross site scripting vulnerabilities.
37d2fbb2a07f80804c9aaf3e8665223847ed95e04aa791e1f7c74b43a1bf0c76
1st Class mail server 4.01 Directory Traversal and XSS vulnerabilities
Release Date:
April 8, 2004
Severity:
Medium
Vendor:
www.1cis.com
Systems Affected:
Microsoft Windows NT 4.0 (all versions)
Microsoft Windows 2000 (SP3 and earlier)
Microsoft Windows XP (all versions)
Microsoft Windows 9x
Services Affected:
Webmail service (80)
Details:
The 1st Class Mail Server is a small, scalable SMTP, POP3 and Web Mail server designed for small businesses and
individuals. Its simple design, ease of use, and low cost make the 1st Class Mail Server a cost effective product
that fits all your needs.
A vulnerability has been discovered on 1st class mail server that allow a malicious user to read arbitary files on
a system using "../"The vulnerability is caused due to an input validation error.
Second, some XSS attacks have been identified:
http://[host]/AUTH=[some_value]/user/viewmail.tagz?Site=www.hack.gr&Mailbox=3&MessageIndex=[html_code]>
http://[host]/AUTH=[some_value]/user/?Site=www.hack.gr&Mailbox=[html_code]
http://[host]/AUTH=[some_value]/user/members.tagz?Site=www.hack.gr&Mailbox=[html_code]
http://[host]/AUTH=[some_value]/user/general.tagz?Site=www.hack.gr&Mailbox=[html_code]
http://[host]/AUTH=[some_value]/user/advanced.tagz?Site=www.hack.gr&Mailbox=<[html_code]>
http://[host]/AUTH=[some_value]/user/list.tagz?Site=www.hack.gr&Mailbox=[html_code]
Credit:
Dr_insane
Http://members.lycos.co.uk/r34ct/
Feedback
Please send your comments to: dr_insane@pathfinder.gr
______________________________________________________________________________________
http://mobile.pathfinder.gr - Pathfinder Mobile logos & Ringtones!
http://www.pathfinder.gr - ÄùñåÜí mail áðü ôïí Pathfinder!