Family: CGI abuses --> Category: infos
Uebimiau Session Directory Disclosure Vulnerability Scan
Vulnerability Scan Summary
Searches for the existence of the sessions directory of UebiMiau
Detailed Explanation for this Vulnerability Test
UebiMiau is a simple, cross-platform POP3/IMAP mail
reader written in PHP.
In a default installation, Uebimiau creates one temporary folder
to store 'sessions' and other files. This folder is defined
in 'inc/config.php' as './database/'.
If the web administrator doesn't change this folder, an attacker
can exploit this using the following request:
1) Insert an index.php in each directory of Uebimiau
2) Set the variable $temporary_directory to a directory that is
not public and has restricted access, and set read-only
permission for the 'web server user' on each file in
3) Set open_basedir in httpd.conf for your clients, following
the model below:
Threat Level: Medium