WebApp Sec mailing list archives
Re: Webmail Service vulnerabilities
From: Tim Brown <tmb () 65535 com>
Date: Wed, 5 Jan 2005 09:11:10 +0000
On Tuesday 04 January 2005 13:26, Dimitri Borjac wrote:

*snip*

> Have any of you already performed an audit of such a service? Or, based on your experience of webapp security, do you see any other vuln this service could present?

*snip*

Dimo,

You might want to look at how they handle attachments. I noticed a problem with W3Mail where it placed attachments into a web accessible directory, allowing injection of server side scripts and access to other web mail users' files. In the process of fixing this bug, the developers moved the attachments directory out of the web root but created a new bug allowing directory traversal outside the web root. The issues are detailed in http://www.nth-dimension.org.uk/pub/NDSA20021112.txt.asc.

Cheers,
Tim

--
Tim Brown, Portcullis Computer Security Ltd
<mailto:tmb () 65535 com>
<http://www.portcullis-security.com/>
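The two attachment-handling defects Tim describes (attachments written under the web root with the client's filename, then, after the directory was moved, the client's filename still being trusted so a traversal name escapes it) map onto one design mistake: letting a client-controlled string reach the filesystem path. The following is an added example, not code from W3Mail, from the advisory, or from the original post; the `AttachmentStore` class, its directory layout and the `vulnerable_save` helper are assumptions for illustration. It shows the "before" pattern alongside a store that generates its own on-disk names, keys retrieval by attachment id and owner rather than by path, and checks the resolved path as defence in depth.

```python
"""Added example (not W3Mail code): client-named attachments vs. an id-keyed store."""
import os
import secrets
import tempfile
from pathlib import Path


def vulnerable_save(web_root: str, client_filename: str, data: bytes) -> str:
    """'Before' pattern from the post: the client's name is joined straight under
    the web root, so the file is both URL-reachable (a server-side script
    upload becomes executable) and, with a '../' name, written outside the
    directory. Shown for contrast only; do not use."""
    path = os.path.join(web_root, "attachments", client_filename)
    with open(path, "wb") as f:
        f.write(data)
    return path


class AttachmentStore:
    """Attachments live outside the web root under a name the server chose.
    The client never supplies a path: it supplies an attachment id, and the
    store checks that the id belongs to the requesting user."""

    def __init__(self, base_dir: str) -> None:
        self.base = Path(base_dir).resolve()
        self.base.mkdir(parents=True, exist_ok=True)
        # attachment_id -> (owner, display name, on-disk path); a real
        # deployment would keep this in the mail database (assumption).
        self._index: dict = {}

    def save(self, owner: str, original_name: str, data: bytes) -> str:
        attachment_id = secrets.token_hex(16)        # server-chosen name
        dest = self.base / owner / attachment_id
        # Defence in depth: even though we built the name ourselves, refuse
        # anything whose resolved path leaves the store (e.g. a bad 'owner').
        if not self._inside_base(dest):
            raise ValueError("attachment path escapes the store directory")
        dest.parent.mkdir(parents=True, exist_ok=True)
        with open(dest, "wb") as f:
            f.write(data)
        # The client's name is kept only for display; strip any directory part.
        display = os.path.basename(original_name.replace("\\", "/")) or "attachment"
        self._index[attachment_id] = (owner, display, dest)
        return attachment_id

    def open_for(self, requester: str, attachment_id: str):
        """Return (display name, bytes) if the id exists and belongs to
        'requester', else None. Another user's id is indistinguishable from
        an unknown one, so ids cannot be used to browse other mailboxes."""
        entry = self._index.get(attachment_id)
        if entry is None or entry[0] != requester:
            return None
        _owner, display, path = entry
        return display, path.read_bytes()

    @staticmethod
    def download_headers(display: str) -> dict:
        """Headers for serving through the application: forced download with
        a fixed type, so nothing is interpreted as a script or sniffed."""
        safe = display.replace('"', "").replace("\r", "").replace("\n", "")
        return {
            "Content-Type": "application/octet-stream",
            "Content-Disposition": f'attachment; filename="{safe}"',
            "X-Content-Type-Options": "nosniff",
        }

    def _inside_base(self, candidate: Path) -> bool:
        resolved = candidate.resolve()      # collapses '..' and symlinks
        return resolved == self.base or self.base in resolved.parents


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        store = AttachmentStore(d)
        aid = store.save("alice", "../../../etc/passwd", b"constructed sample")
        print("stored as", aid, "->", store.open_for("alice", aid))
        print("bob sees", store.open_for("bob", aid))
        print(store.download_headers("report.pl"))
```

Serving the bytes through the application (rather than letting the web server map a URL onto the directory) is what removes the script-injection risk; the id-plus-owner lookup is what removes cross-user access; the resolved-path check is the backstop for the traversal bug that appeared once the directory was moved.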
Current thread:
- Webmail Service vulnerabilities Dimitri Borjac (Jan 04)
- Re: Webmail Service vulnerabilities Moritz Naumann (Jan 06)
- Re: Webmail Service vulnerabilities Tim Brown (Jan 06)
- RE: Webmail Service vulnerabilities Scovetta, Michael V (Jan 06)