[VIM] True: SquirrelMail G/PGP Encryption Plug-in 2.0 Command Execution Vuln

George A. Theall theall at tenablesecurity.com
Wed Jul 11 17:15:52 UTC 2007

FWIW, Milw0rm 4173 works for me under SquirrelMail 1.4.10a and GPG
plugin 2.0. With some slight modifications of the PoC, you don't need 
authentication and can return results of any commands.

The modified PoC also works against version 2.1 of the plugin. I don't 
seem to be able to return results of the commands directly, but it is 
possible to redirect to a file and then read that later.

theall at tenablesecurity.com
