<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: sqwebmail web login

sqwebmail web login

From: Marco Marabelli <mm_at_smrt.it>
Date: Sat, 31 Jan 2004 10:54:12 +0100

platform:
linux 2.4 i386
pachages: qmail+sqwebmail+qmailadmin+vpopmail-vchkpw-auth.

When user root try loggin in on the web on http://domain/cgi-bin/sqwebmail,
if does it with right root password, sqwebmail gives an error "maildir
doesn't exist or has incorrect ownership or permission". This, ONLY if you
give right root password, if not, you have error "invalid user or password"
(as any other wrong password, for any user).
I think this should be a good method for guessing root password, in fact
failure logging in on the sqewebmail are not logged (generally!).

Regards,
Marco Marabelli
Received on Feb 03 2004

This message: [ Message body ]
Next message: Adam Zabrocki: "0verkill - little simple vulnerability."
Previous message: Chuck Rock: "CoDeX-W0rm - what happened here?"
Next in thread: Antonio Messina: "Re: sqwebmail web login"
Reply: Antonio Messina: "Re: sqwebmail web login"
Maybe reply: scott.jefferd_at_cantire.com: "Re: sqwebmail web login"
Reply: Brian Bothwell: "Re: sqwebmail web login"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos