Marc Groot Koerkamp said: >> http://www.securityfocus.com/bid/7952 > > Ok I inpected the exploit and in SM 1.4 the exploit isn't there. I don't > have SM 1.2.x anymore so i didn't check the older versions. > > The exploit had to do with setting move_messages GET vars. Current > Squirrelmail versions retrieve those vars through POST so the > vulnarability dissapeared.
Hi Marc, I just tested the following on a 1.4.0 setup here: http://www.example.com/src/read_body.php?mailbox=/etc/passwd&passed_id=1&; It spit out the /etc/passwd file just fine. You do have to be logged in, though. -Dave ------------------------------------------------------- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php -- squirrelmail-users mailing list List Address: [EMAIL PROTECTED] List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id)95 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
