IMP 2.2.7 pen-test

• Previous message: xyberpix: "Re: Password lists"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Pentest" <pen-test@securityfocus.com>
Date: Fri, 5 Aug 2005 12:17:24 -0800

Hi,

I sent an email yersterday regarding pen-testing a linux system. After many
issues investigated,
I focused on pen-testing it´s IMP 2.2.7 webmail system, which is knows to
have interesting vulns.
( which soft is secure nowadays ?! )

Well, I could get the webserver directory information:
-----------
Notice: Passing locale category name as string is deprecated. Use the
LC_* -constants instead. in /servername/webmail/horde/imp/lib/postconf.php3
on line 27

Warning: Cannot add header information - headers already sent by (output
started at /netflash/webmail/horde/imp/lib/postconf.php3:27) in
/servername/webmail/phplib/session.inc on line 448

Warning: Cannot add header information - headers already sent by (output
started at /netflash/webmail/horde/imp/lib/postconf.php3:27) in
/servername/webmail/phplib/session.inc on line 449

Warning: Cannot add header information - headers already sent by (output
started at /netflash/webmail/horde/imp/lib/postconf.php3:27) in
/servername/webmail/phplib/session.inc on line 450

Warning: Cannot add header information - headers already sent by (output
started at /netflash/webmail/horde/imp/lib/postconf.php3:27) in
/servername/webmail/horde/imp/poppassd.php3 on line 38
-----------

Now, I know there is an SQL injection vulnerability on
http://www.securityfocus.com/bid/6559/references but I´m getting a little
difficulty on actually exploring it.

there are more two references about this issue:

http://www.securityfocus.com/archive/1/305701
http://www.securityfocus.com/archive/1/306268

Could anyone give some help in this ? I checked it out and when I try to
access
the lib dir, I have no read permissions!

Thanks in regard

Bruno Kovacs (CCSE)
Saga Sistemas e Computadores S.A.
Tel: +55 21 2518-3161 - Ramal 25
bruno@saga.com.br

------------------------------------------------------------------------------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
-------------------------------------------------------------------------------

• Previous message: xyberpix: "Re: Password lists"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages [UNIX] Malicious PHP Source Injection in phpBB (install.php) ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Warning: Cannot add header information - headers already sent by (output ... int main ... (Securiteam) Debian with Apache, php4, mysql and phpmyadmin ... i've installed phpmyadmin today on my server. ... Warning: Cannot add header information - headers already sent by (output ... (Debian-User) Porting M0n0wall WebGUI to freebsd 5.4 Stable ... Than i've download rootfs from m0n0 ... to porting webgui into freebsd box. ... Warning: Cannot add header information - headers already sent by (output ... (freebsd-questions) Warning: Cannot add header information - headers already sent ... Warning: Cannot add header information - headers already sent by ... echo "Setting cookie"; ... echo "Cookie Set!"; ... (comp.lang.php)