[VIM] True: SquirrelMail G/PGP Encryption Plug-in 2.0 Command Execution Vuln
George A. Theall
theall at tenablesecurity.com
Wed Jul 11 17:15:52 UTC 2007
FWIW, Milw0rm 4173 works for me under SquirrelMail 1.4.10a and GPG
plugin 2.0. With some slight modifications of the PoC, you don't need
authentication and can return results of any commands.

The modified PoC also works against version 2.1 of the plugin. I don't
seem to be able to return results of the commands directly, but it is
possible to redirect to a file and then read that later.

George
--
theall at tenablesecurity.com