WebApp Sec: Re: Webmail Service vulnerabilities

Re: Webmail Service vulnerabilities

From: Tim Brown <tmb_at_65535.com>
Date: Wed, 5 Jan 2005 09:11:10 +0000

On Tuesday 04 January 2005 13:26, Dimitri Borjac wrote:

*snip*

> Have any of you already performed an audit of such a service? Or based
> on your experience over webapps security, do you see any other vuln
> this service could present?

*snip*

Dimo,

You might want to look at how they handle attachments. I noticed a problem
with W3Mail where it placed attachments into a web accessible directory
allowing injection of server side scripts and access to other web mail users'
files. In the process of fixing this bug, the developers moved the
attachments directory out of the web root but created a new bug allowing
directory traversal outside the web root. The issues are detailed in
http://www.nth-dimension.org.uk/pub/NDSA20021112.txt.asc.

Cheers,
Tim

-- 
Tim Brown, Portcullis Computer Security Ltd
<mailto:tmb_at_65535.com>
<http://www.portcullis-security.com/>
Received on Jan 06 2005
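The two attachment-handling mistakes Tim describes (files served from a web-accessible directory, then a traversal bug once they were moved out of the web root) both come down to letting client-controlled names decide where a file lands on disk. The following is an added example, not W3Mail's code or anything from the advisory: a small attachment store that keeps files outside the document root, isolates users into their own subdirectory, uses server-generated on-disk names, and rejects any lookup that resolves outside the requesting user's directory. The class and function names, and the sample attachments it writes, are all constructed for the illustration.

```python
import secrets
import tempfile
from pathlib import Path


class AttachmentStoreError(ValueError):
    """Raised when a requested attachment name or path is rejected."""


class AttachmentStore:
    """Illustrative attachment store (hypothetical design, not W3Mail's).

    Files live under a base directory that must sit outside the web root, in
    one subdirectory per user, under names the server chooses.
    """

    def __init__(self, base_dir):
        # Resolve once so later containment checks compare canonical paths.
        self.base = Path(base_dir).resolve()
        self.base.mkdir(parents=True, exist_ok=True)

    def _user_dir(self, user):
        # Only plain account names: the per-user directory must not itself be
        # a traversal vector ("../", absolute paths, etc.).
        if not user.isalnum():
            raise AttachmentStoreError(f"invalid user name: {user!r}")
        d = self.base / user
        d.mkdir(mode=0o700, exist_ok=True)
        return d.resolve()

    def save(self, user, original_name, data):
        """Write data under a random server-chosen name and return that name.

        The client-supplied file name is deliberately not used on disk: it is
        the caller's job to keep it as display metadata if needed.
        """
        user_dir = self._user_dir(user)
        # No extension and no user influence on the name, so even an exposed
        # directory would not give a web server a ".php"/".pl" to execute.
        stored = secrets.token_hex(16)
        (user_dir / stored).write_bytes(data)
        return stored

    def resolve(self, user, stored_name):
        """Map (user, stored_name) to a path inside the user's own directory."""
        user_dir = self._user_dir(user)
        # resolve() collapses ".." and symlinks; then require the parent to be
        # exactly the user's directory, which blocks "../otheruser/<name>",
        # "../../etc/passwd" and absolute paths alike.
        candidate = (user_dir / stored_name).resolve()
        if candidate.parent != user_dir or not candidate.is_file():
            raise AttachmentStoreError(f"rejected attachment path: {stored_name!r}")
        return candidate

    def read(self, user, stored_name):
        return self.resolve(user, stored_name).read_bytes()


def demo():
    """Exercise the store with constructed data; returns a dict of outcomes."""
    with tempfile.TemporaryDirectory() as tmp:
        store = AttachmentStore(tmp)
        # Constructed sample attachments: a script-looking upload and a plain note.
        alice_file = store.save("alice", "report.php", b"<?php echo 'hi'; ?>")
        bob_file = store.save("bob", "notes.txt", b"bob's notes")

        results = {
            "alice_reads_own": store.read("alice", alice_file),
            "stored_name_is_not_client_name": alice_file != "report.php",
        }
        # Lookups that must be refused: another user's file via "..", a climb
        # out of the base directory, and an absolute path.
        for label, user, name in [
            ("alice_reads_bob", "alice", f"../bob/{bob_file}"),
            ("traversal_out_of_base", "alice", "../../../../../../etc/passwd"),
            ("absolute_path", "alice", "/etc/passwd"),
        ]:
            try:
                store.read(user, name)
                results[label] = "allowed"
            except AttachmentStoreError:
                results[label] = "rejected"
        return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The containment check compares the canonical parent directory rather than doing string matching on the supplied name, which is what makes moving the directory out of the web root actually safe: a prefix check on the raw string would still let `..` sequences through after normalisation.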