Atmail WebAdmin and Webmail Control Panel - SQL Root Password Disclosure

Author: Ciph3r
type: webapps
platform: linux
date_added: 2012-07-23  
date_updated: 2012-07-23  
verified: 1  
codes: OSVDB-84397  

raw file: 20037.txt  
######################################################################################
# Vuln Title: Atmail WebAdmin and webmail Control Panel Remote Access SQL Root password Vulnerability
#
# Author: FaryadR (a.k.a Ciph3r)
# Tested on : Atmail Email Server 6.20.8
# Twitter : https://twitter.com/faryadR
# Mail : Ciph3r.secure@gmail.com
# Website : http://0c0c0c0c.com
# Vendor : http://atmail.com
#  Powered by Atmail 6.20.8 - WebAdmin Control Panel
#
######################################################################################

  [+] Vulnerability:

  A remote user can access the entire Atmail WebAdmin mail server configuration, including the SQL root password.


  [+] PoC:

  Browse to the config directory of the webmail installation and request dbconfig.ini to view the entire SQL configuration.

  [+] Demo to test the vulnerability:

  [+] Atmail 6.20.8

http://server/config/dbconfig.ini
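
A defensive check for the exposure described above, as an added example that is not part of the original advisory: it scans web server access logs for requests to config/dbconfig.ini and reports whether the file was actually served. The common/combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

# Common/combined log format: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
SENSITIVE_SUFFIX = "/config/dbconfig.ini"  # path named in the advisory


def canonical_path(target):
    """Drop the query string, percent-decode, collapse ./ ../ and //, lowercase."""
    path = unquote(target.split("?", 1)[0])
    return normpath("/" + path.lstrip("/")).lower()


def classify(line):
    """Return None for unrelated lines, else a dict describing the request."""
    m = LOG_RE.match(line)
    if not m or not canonical_path(m["target"]).endswith(SENSITIVE_SUFFIX):
        return None
    status = int(m["status"])
    # A 200/206 with a non-empty body means the file content left the server.
    disclosed = status in (200, 206) and m["size"] not in ("-", "0")
    return {"host": m["host"], "time": m["time"],
            "status": status, "disclosed": disclosed}


def scan(lines):
    """Classify every line and keep only requests for the sensitive file."""
    return [hit for hit in map(classify, lines) if hit]


# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [23/Jul/2012:10:01:02 +0000] "GET /config/dbconfig.ini HTTP/1.1" 200 412',
    '198.51.100.7 - - [23/Jul/2012:10:01:05 +0000] "GET /mail/config/%64bconfig.ini?x=1 HTTP/1.1" 403 199',
    '203.0.113.9 - - [23/Jul/2012:10:02:00 +0000] "GET /index.php/mail HTTP/1.1" 200 5120',
    '203.0.113.20 - - [23/Jul/2012:10:03:00 +0000] "GET /a/../config/./dbconfig.ini HTTP/1.1" 200 412',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        verdict = "DISCLOSED" if hit["disclosed"] else "blocked/not served"
        print(f'{hit["time"]} {hit["host"]} status={hit["status"]} {verdict}')
```

Any hit marked as disclosed means the database credentials in that file should be treated as compromised and rotated, and the config directory should be made unreachable from the web.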