Vulnerability Scanning Solutions, LLC.
What We Scan For
Family: CGI abuses --> Category: infos

Uebimiau Session Directory Disclosure Vulnerability Scan

Vulnerability Scan Summary
Searches for the existence of sessions directory of UebiMiau

Detailed Explanation for this Vulnerability Test

UebiMiau is a simple, cross-platform POP3/IMAP mail
reader written in PHP.

In a default installation, UebiMiau creates one temporary folder
to store 'sessions' and other files. This folder is defined
in 'inc/config.php' as './database/'.

If the web administrator does not change this folder, a potential attacker
can exploit this using the following request:

1) Insert an index.php file in each directory of UebiMiau

2) Set the variable $temporary_directory to a directory that is
not public and has restricted access, and set permissions
to read-only for the 'web server user' for each file in

3) Set open_basedir in httpd.conf for your clients, following
the model below:

php_admin_value open_basedir
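
A defender-side check for steps 1 and 2 above, added here as an example; it is not part of the original scan description or of UebiMiau. The `$temporary_directory = "...";` assignment form, the function names and the `web_root` parameter are assumptions, as is resolving relative values against the install root.

```python
import os
import re

# Assumed form of the setting in inc/config.php: $temporary_directory = "./database/";
ASSIGN = re.compile(r'^\s*\$temporary_directory\s*=\s*(["\'])(.*?)\1\s*;', re.M)

def configured_temp_dir(config_text):
    """Return the last $temporary_directory value not behind a line comment, or None."""
    matches = ASSIGN.findall(config_text)
    return matches[-1][1] if matches else None

def is_inside(path, root):
    """True when path resolves to root or to something below it."""
    path, root = os.path.realpath(path), os.path.realpath(root)
    return os.path.commonpath([path, root]) == root

def audit(install_root, web_root):
    """Check a UebiMiau install against steps 1 and 2; return sorted findings."""
    findings = []
    config_path = os.path.join(install_root, "inc", "config.php")
    with open(config_path, encoding="latin-1") as fh:
        temp_dir = configured_temp_dir(fh.read())
    if temp_dir is None:
        findings.append("temporary_directory: not found in inc/config.php")
    else:
        # Assumption: a relative value resolves against the install root.
        # os.path.join keeps an absolute value unchanged.
        resolved = os.path.join(install_root, temp_dir)
        if is_inside(resolved, web_root):
            findings.append("temporary_directory: %s is under the web root" % temp_dir)
    # Step 1: every directory of the installation should carry an index.php.
    for dirpath, _dirs, files in os.walk(install_root):
        if "index.php" not in files:
            findings.append("no index.php: %s" % os.path.relpath(dirpath, install_root))
    return sorted(findings)
```

An empty list from `audit()` means the temporary directory resolves outside the web root and no directory of the installation lacks an index.php; file permissions from step 2 are not checked.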

Threat Level: Medium



P.O. Box 827051

Pembroke Pines, FL 33082-7051
