From: Sir Mordred (
Date: Wed, 07 May 2003 15:47:00 +0000
Subject: [Full-Disclosure] @(#)Mordred Labs security notice - exploring the security companies

// @(#)Mordred Labs security notice 0x0002

Name: Exploring the security companies (part one)
Release date: May 7, 2003
Author: Sir Mordred (


This is the first part of a security notice about security companies.
I've split the original notice because of the amount of information contained
in it.
The main topic of this notice is "bad coding habits", next time maybe we
will talk about security audit and the source code audit in particular.

Also I should say - somehow I feel respect for people who are doing
security and are brave enough to build a website with dynamic content, not
just a couple of html pages. But sometimes a crazy thought crosses my mind -
maybe it is just a dumb honeypot? :-)

The format for vulnerabilities is:

number) [hostname, the company name]
quotes, comments (if any)
* ISSUE (number) - description of the vulnerability
blank line
comments (if any)
blank line
the url to demonstrate this vulnerability
blank line
the error message (if any)


Now let's begin with the rather interesting security company "e-matters",
and a couple of minutes brings us several nice issues:

1) [, e-matters ]

Though I do not understand German :-) it was very exciting to visit
the e-matters website.
I thought - well, there is Stefan Esser out there, respected security
expert and PHP developer, now I am gonna actually visit his company's
website, and if I am lucky enough and if the website
has some dynamic content I may find something very interesting ... I will
be changing url parameters, putting single quotes, commas and all such shit ... :-)

Then I got interested in their flagship product - Webmail 3.0, as it has
a demo account, and this brings us Issue 4.

Well, it was real fun I should say. Have you ever seen the broken test.php?
I did not.

How about the customers.html page?
I think if I were going to buy some e-matters products, I'd run away from
this site:

* ISSUE 1 - /customers.html page is broken

Somehow this page is very broken and when you visit
you can see something like this:

Warning:  mysql_pconnect(): Access denied for user: 'root@localhost' (Using
password: YES) in /domains/ on line 17
Warning:  mysql_select_db(): supplied argument is not a valid MySQL-Link
resource in /domains/ on line 18
Warning:  mysql_query(): supplied argument is not a valid MySQL-Link
resource in /domains/ on line 20
Warning:  mysql_num_rows(): supplied argument is not a valid MySQL result
resource in /domains/ on line 21
Warning:  mysql_fetch_array(): supplied argument is not a valid MySQL
result resource in /domains/ on line 34

* ISSUE 2 - Path disclosure in /screenshotPopUp.html

Warning:  main(./screenshots/ failed to open stream: No
such file or directory in
/domains/ on line 15
Warning:  main(): Failed opening './screenshots/' for inclusion
(include_path='.:/usr/local/lib/php') in
/domains/ on line 15

* ISSUE 3 - Path disclosure in /test.php page

Parse error: parse error in /domains/
on line 4

* ISSUE 4 - Admin access to interface

The url will happily display all users
along with their passwords.
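
For a defender checking their own site's responses for the kind of leak shown in Issues 1 to 3, the sketch below (an added example, not part of the original notice) parses PHP's "<level>: <message> in <file> on line <n>" error text out of a response body and reports the disclosed path and any database account named in the message. The sample body and its /srv/www/example paths are constructed.

```python
import re

# PHP's default error text: "<Level>: <message> in <file> on line <n>"
PHP_ERROR = re.compile(
    r"(?P<level>Warning|Notice|Parse error|Fatal error):\s+"
    r"(?P<msg>.*?)\s+in\s+(?P<file>\S+)\s+on\s+line\s+(?P<line>\d+)"
)
# MySQL client error that names the account the script tried to log in with
DB_ACCOUNT = re.compile(r"Access denied for user:? '([^'@]+@[^']+)'")
# Leading "function(" prefix PHP puts on warnings raised inside a function
FUNCTION = re.compile(r"(\w+)\(")


def find_php_leaks(body):
    """Return one finding per PHP error message leaked into a response body."""
    text = " ".join(body.split())  # undo line wrapping inside a message
    findings = []
    for m in PHP_ERROR.finditer(text):
        msg = m.group("msg")
        func = FUNCTION.match(msg)
        account = DB_ACCOUNT.search(msg)
        findings.append({
            "level": m.group("level"),
            "function": func.group(1) if func else None,
            "file": m.group("file"),          # server-side path disclosed
            "line": int(m.group("line")),
            "db_account": account.group(1) if account else None,
        })
    return findings


# Constructed sample body; paths are placeholders, not taken from the notice
SAMPLE = """<html><body>
Warning:  mysql_pconnect(): Access denied for user: 'root@localhost' (Using
password: YES) in /srv/www/example/customers.php on line 17
Warning:  mysql_select_db(): supplied argument is not a valid MySQL-Link
resource in /srv/www/example/customers.php on line 18
Parse error: parse error in /srv/www/example/test.php
on line 4
</body></html>"""

if __name__ == "__main__":
    for f in find_php_leaks(SAMPLE):
        print(f)
```

These messages reach the browser only when PHP's display_errors setting is on; turning it off and enabling log_errors keeps them in the server log instead.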

