(ask) tolong ya

Forum untuk membahas semua tentang web hacking mulai dari footprint, scanning, gain access, escalate previlege, exploit,cover track, backdoors sampai mengamankan web

Moderators: Paman, Xshadow, indounderground, NeOS-01

Forum rules
Membahas bugs,penetrasi, eksploitasi dan teknik mengamankan website - websrver. Sertakan POC disini agar member dapat mempelajarinya
Post Reply
Fashyt
Posts: 9
Joined: Fri Aug 10, 2007 7:00 pm
Location: Underwater

(ask) tolong ya

Post by Fashyt » Sun Mar 14, 2010 11:33 am

mau nyanya nih ..
setelah saya scan vulnerability web.
dapet nih bagian website yang kena .
deskripsinya gini

"PhpWebMail is a php webmail system that supports imap or pop3. It has been reported that PHPwebmail 2.3 is vulnerable. The vulnerability allows phpwebmail users to gain access to arbitrary file system by changing the parameters in the URL used for sending mail (send_mail.php). More info at http://eagle.kecapi.com/sec/fd/phpwebmail.html.
This vulnerability affects /src/redirect.php (POST login_username=&secretkey=&js_autodetect_results=0&just_logged_in=1). "

filetype:php login intitle:"phpWebMail|WebMail"

/src/redirect.php (POST login_username=&secretkey=&js_autodetect_results=0&just_logged_in=1).

berarti kita bisa masuk ke webmail tanpa mengetahui username dan password kan ?
Top
User avatar
Xshadow
Posts: 482
Joined: Thu May 31, 2007 8:01 pm
Location: http://captureflags.com
Contact:
Contact Xshadow

Re: (ask) tolong ya

Post by Xshadow » Tue Mar 16, 2010 3:54 am

kalau webmail keknya tetep harus memakai password bro...
[X]perimental [S]ynthetic [H]umanoid [A]ssembled for [D]estruction and [O]nline [W]arfare
Top
Post Reply

Return to “Web Hacking”