Atmail WebAdmin and Webmail Control Panel – SQL Root Password Disclosure

• Exploit Database
• 14 阅读

• 作者： Ciph3r
  日期： 2012-07-23
• 类别：

  • webapps
  平台：

  • linux
• 来源：https://www.exploit-db.com/exploits/20037/

• ######################################################################################
  # Vuln Title: Atmail WebAdmin and webmail Control Panel Remote Access SQL Root password Vulnerability
  # 
  # Author: FaryadR (a.k.a Ciph3r)
  # tested on : Atmail Email Server 6.20.8
  # Twitter : https://twitter.com/faryadR
  # Mail : Ciph3r.secure@gmail.com
  # Website : http://0c0c0c0c.com
  # Vendor : http://atmail.com
  #Powered by Atmail 6.20.8 - WebAdmin Control Panel	
  #
  ######################################################################################
   
  [+]Vulnerability :
  
  you can Access All Atmail Webadmin Mail server Configuration and SQL Root Password
  
  
  [+]Poc : 
  
  Go to webmail and config Directory and type dbconfig.ini for Access all SQL Configuration
  
  [+]Demo for Test Vuln :
  
  [+]Atmail 6.20.8
  
  http://server/config/dbconfig.ini