[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Pieterpost - access to "vitual" account

To: bugtraq@securityfocus.com
Subject: Pieterpost - access to "vitual" account
From: datasink@op.pl
Date: Sat, 29 Nov 2003 15:08:39 +0100

Hello bugtraq readers and writers !

name: PieterPost 0.10.6
homepage: http://todsah.nihilist.nl/index.php?p=Development/Projects/Pieterpost
about: "PieterPost is a webbased interface to a pop3 mailbox. It is designed to 
be
           both small and easy to use"

what: entering url http://server.com/pp.php?action=login anyone can get access
         to "virtual" account.

 I don't think that can be a big vuln, but at this moment anyone can send spam
from such server and fake e-mail's. This work only with default configuration
(localhost as pop3 server) and weak MTA agent - posible to change From header
sending from localhost.

Prev by Date: FreeBSD Security Advisory FreeBSD-SA-03:19.bind
Next by Date: Re: Unhackable network really unhackable?
Previous by thread: FreeBSD Security Advisory FreeBSD-SA-03:19.bind
Index(es):
- Date
- Thread