#2257 Possibility to get system configuration files

Status: closed-fixed
Priority: 5
Updated: 2006-09-30
Created: 2006-09-12
Creator: Anonymous
Private: No

SM ver. 1.4.4

There is a possibility to view any file with http user
rights. For example:

https://mail_host/src/right_main.php?PG_SHOWALL=0&sort=0&startMessage=1&mailbox=../../../etc/some_file

Discussion

  • Tomas Kuliavas - 2006-09-12

    This feature is provided by your IMAP server. Set
    imap_server_type to 'uw' or check UW IMAP configuration options.

  • Tomas Kuliavas - 2006-09-29
    • assigned_to: nobody --> tokul

  • Tomas Kuliavas - 2006-09-29

    The correct fix is to turn on chroot in UW.

    You can use other SquirrelMail scripts to do the same thing.

  • Tomas Kuliavas - 2006-09-30

    Fixed in 1.5.2cvs and 1.4.9cvs.

    The sqimap_mailbox_select() function blocks all mailboxes that
    start with / or contain ../. The $imap_server_type variable is
    not checked for 'uw'.

  • Tomas Kuliavas - 2006-09-30
    • status: open --> closed-fixed
