WebApp Sec mailing list archives

Re: Webmail Service vulnerabilities

From: Tim Brown <tmb () 65535 com>
Date: Wed, 5 Jan 2005 09:11:10 +0000

On Tuesday 04 January 2005 13:26, Dimitri Borjac wrote:

*snip*

Has any of you already performed an audit of such a service ? Or based
on your experience over webapps security, do you see any other vuln
this service could present?


*snip*

Dimo,

You might want to look at how they handle attachments.  I noticed a problem  
with W3Mail where it placed attachments into a web accessible directory 
allowing injection of server side scripts and access to other web mail users 
files.  In the process of fixing this bug, the developers moved the 
attachments directory out of the web root but created a new bug allowing 
directory traversal outside the web root.  The issues are detailed in 
http://www.nth-dimension.org.uk/pub/NDSA20021112.txt.asc.

Cheers,
Tim
-- 
Tim Brown, Portcullis Computer Security Ltd
<mailto:tmb () 65535 com>
<http://www.portcullis-security.com/>

Current thread:

Webmail Service vulnerabilities Dimitri Borjac (Jan 04)
- Re: Webmail Service vulnerabilities Moritz Naumann (Jan 06)
- Re: Webmail Service vulnerabilities Tim Brown (Jan 06)
- <Possible follow-ups>
- RE: Webmail Service vulnerabilities Scovetta, Michael V (Jan 06)