source: https://www.securityfocus.com/bid/2029/info
Postaci Webmail is a database-driven web e-mail system. PostACI contains a vulnerability in its default configuration that may allow a remote attacker to gain access to the underlying database.
Webmail stores database username and password information in a file called global.inc. This file is world-readable and stored in a directory accessible by a web browser over the internet. As a result, on a typical system (default configuration) an attacker can retrieve the global.inc file with a web browser. Once obtained, the attacker may be able to access the system's database.
Successful exploitation will lead to the attacker gaining unauthorized access to the database.
Depending on the database and system type, this may lead to a compromise of interactive access on the host running Webmail and the database.
http://target/includes/global.inc
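
An added example, not part of the original advisory or of Postaci's code: a defender-side audit that walks a web document root and reports files which a server would typically return as plain text and which look like credential stores, along with their permission bits. The extension list, the credential pattern and the sample file contents are assumptions constructed for illustration; they are not Postaci's actual variable names.

```python
import os, re, stat, tempfile

# Assumption: generic credential-looking assignments, not Postaci's real variable names.
CRED_RE = re.compile(r"(pass(word|wd)?|user(name)?|db_?(host|name))\w*\s*=", re.I)
# Assumption: extensions a web server commonly returns as text instead of executing.
RAW_EXTS = {".inc", ".bak", ".old", ".txt", ".conf"}

def audit_docroot(docroot):
    """Return findings for files under docroot that are served raw and hold credentials."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if os.path.splitext(name)[1].lower() not in RAW_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                mode = os.stat(path).st_mode
                with open(path, "r", errors="replace") as fh:
                    has_creds = bool(CRED_RE.search(fh.read()))
            except OSError:
                continue  # unreadable to the auditor; skip rather than guess
            if has_creds:
                findings.append({
                    "path": os.path.relpath(path, docroot),
                    "world_readable": bool(mode & stat.S_IROTH),
                    "mode": oct(stat.S_IMODE(mode)),
                })
    return sorted(findings, key=lambda f: f["path"])

def build_sample_docroot():
    """Constructed sample tree mirroring the layout the advisory describes."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "includes"))
    samples = {
        os.path.join("includes", "global.inc"):
            '<?php $db_user = "mail"; $db_password = "CONSTRUCTED"; ?>\n',
        os.path.join("includes", "functions.inc"):
            "<?php function f() { return 1; } ?>\n",
        "index.php": '<?php $password = "x"; ?>\n',  # executed by PHP, not served raw
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, 0o644)
    return root

if __name__ == "__main__":
    for finding in audit_docroot(build_sample_docroot()):
        print(finding)
```

A finding stays relevant even when the file is not world-readable, because the web server account can usually still read and serve it; the durable fix is to keep such files outside the document root or have the server refuse requests for them.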