[Dailydave] SquirrelMail GPG Plugin vuln
bob jones
bbinger123 at yahoo.com
Mon Jul 9 19:48:48 EDT 2007
Who is going to spoil the yahoo IM bug? That would shake things up a bit more.
James Matthews <nytrokiss at gmail.com> wrote: And now the person that wanted to make money is losing it because of you people being so nosy! Sniff Sniff =)
On 7/9/07, Nicob < nicob at nicob.net> wrote:Le lundi 09 juillet 2007 à 08:46 -0500, Charles Miller a écrit :
> Also, the vulnerability Nicob pointed out was pre-auth (mine was post-
> auth).
Simply sending an email to an user using the PGP plugin was enough to
compromise the server hosting SquirrelMail. That's nice, as the webmail
URL doesn't have to be known. The server can even be unreachable from
the Internet.
That's imho more than pre-auth, as you can blindly send tons of mails to
random addresses and compromise some servers.
592 function gpg_check_sign_pgp_mime($message,$fullbodytext) {
[...]
639 //$messageSignedText = escapeshellarg($messageSignedText);
640 $messageSignedText = ereg_replace("\"", "\\\"",$messageSignedText );
[...]
661 $command = "echo -n \"$messageSignedText\" | [blablabla]
Nicob
_______________________________________________
Dailydave mailing list
Dailydave at lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
--
http://www.goldwatches.com/watches.asp?Brand=14
http://www.jewelerslounge.com _______________________________________________
Dailydave mailing list
Dailydave at lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
---------------------------------
Be a better Globetrotter. Get better travel answers from someone who knows.
Yahoo! Answers - Check it out.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.immunitysec.com/pipermail/dailydave/attachments/20070709/83a8cbd3/attachment.htm
More information about the Dailydave
mailing list