Penetration Testing mailing list archives
IMP 2.2.7 pen-test
From: "Bruno Kovacs" <bruno () saga com br>
Date: Fri, 5 Aug 2005 12:17:24 -0800
Hi, I sent an email yersterday regarding pen-testing a linux system. After many issues investigated, I focused on pen-testing it´s IMP 2.2.7 webmail system, which is knows to have interesting vulns. ( which soft is secure nowadays ?! ) Well, I could get the webserver directory information: ----------- Notice: Passing locale category name as string is deprecated. Use the LC_* -constants instead. in /servername/webmail/horde/imp/lib/postconf.php3 on line 27 Warning: Cannot add header information - headers already sent by (output started at /netflash/webmail/horde/imp/lib/postconf.php3:27) in /servername/webmail/phplib/session.inc on line 448 Warning: Cannot add header information - headers already sent by (output started at /netflash/webmail/horde/imp/lib/postconf.php3:27) in /servername/webmail/phplib/session.inc on line 449 Warning: Cannot add header information - headers already sent by (output started at /netflash/webmail/horde/imp/lib/postconf.php3:27) in /servername/webmail/phplib/session.inc on line 450 Warning: Cannot add header information - headers already sent by (output started at /netflash/webmail/horde/imp/lib/postconf.php3:27) in /servername/webmail/horde/imp/poppassd.php3 on line 38 ----------- Now, I know there is an SQL injection vulnerability on http://www.securityfocus.com/bid/6559/references but I´m getting a little difficulty on actually exploring it. there are more two references about this issue: http://www.securityfocus.com/archive/1/305701 http://www.securityfocus.com/archive/1/306268 Could anyone give some help in this ? I checked it out and when I try to access the lib dir, I have no read permissions! Thanks in regard Bruno Kovacs (CCSE) Saga Sistemas e Computadores S.A. Tel: +55 21 2518-3161 - Ramal 25 bruno () saga com br ------------------------------------------------------------------------------ FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't Learn the hacker's secrets that compromise wireless LANs. Secure your WLAN by understanding these threats, available hacking tools and proven countermeasures. Defend your WLAN against man-in-the-Middle attacks and session hijacking, denial-of-service, rogue access points, identity thefts and MAC spoofing. Request your complimentary white paper at: http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801 -------------------------------------------------------------------------------
Current thread:
- IMP 2.2.7 pen-test Bruno Kovacs (Aug 06)