From: David R. <db...@gr...> - 2003-06-23 19:20:57
|
Marc Groot Koerkamp said: >> http://www.securityfocus.com/bid/7952 > > Ok I inpected the exploit and in SM 1.4 the exploit isn't there. I don'= t > have SM 1.2.x anymore so i didn't check the older versions. > > The exploit had to do with setting move_messages GET vars. Current > Squirrelmail versions retrieve those vars through POST so the > vulnarability dissapeared. Hi Marc, I just tested the following on a 1.4.0 setup here: http://www.example.com/src/read_body.php?mailbox=3D/etc/passwd&passed_id=3D= 1& It spit out the /etc/passwd file just fine. You do have to be logged in, though. -Dave |