Alt-N WebAdmin version 3.3.3 suffers from a remote source code disclosure vulnerability. Also affected is U-Mail for Windows version 9.8 and U-Mail GateWay for Windows version 9.8.
463f4e8bc5d27ae0d0f91b4239888aabb80818473f98de5f45f4248aebf01d9c
Vulnerable: v3.3.3
Vendor: www.altn.com
Category: Environment Error
Vulnerable
========
Alt-N WebAdmin 3.3.3
U-Mail for Windows V9.8
U-Mail GateWay for Windows V9.8
Details:
=========
A source code disclosure vulnerability exists with Alt-N WebAdmin Server.
Remote attacker can be exploited to disclose the source code by appending "%2e" or "%20" to a URI.
Test on U-Mail for Windows V9.8 and U-Mail GateWay for Windows V9.8
POC:
=========
http://ip:1000/login.wdm%20
http://ip:1000/login.wdm%2e
Reference:
=========
www.comingchina.com/download.html
http://www.nansec.com/