|
WebApp Sec
mailing list archives
Re: Webmail Service vulnerabilities
From: Tim Brown <tmb () 65535 com>
Date: Wed, 5 Jan 2005 09:11:10 +0000
On Tuesday 04 January 2005 13:26, Dimitri Borjac wrote:
*snip*
Has any of you already performed an audit of such a service ? Or based
on your experience over webapps security, do you see any other vuln
this service could present?
*snip*
Dimo,
You might want to look at how they handle attachments. I noticed a problem
with W3Mail where it placed attachments into a web accessible directory
allowing injection of server side scripts and access to other web mail users
files. In the process of fixing this bug, the developers moved the
attachments directory out of the web root but created a new bug allowing
directory traversal outside the web root. The issues are detailed in
http://www.nth-dimension.org.uk/pub/NDSA20021112.txt.asc.
Cheers,
Tim
--
Tim Brown, Portcullis Computer Security Ltd
<mailto:tmb () 65535 com>
<http://www.portcullis-security.com/>
 By Date 
By Thread
Current thread:
|
Intro
