[转载]Winmail Server Information Disclosure

信息来源：www.securiteam.com

Summary
Winmail Server is "an enterprise class mail server software system offering a robust feature set, including extensive security measures. Winmail Server supports SMTP, POP3, IMAP, Webmail, LDAP, multiple domains, SMTP authentication, spam protection, anti-virus protection, SSL/TLS security, Network Storage, remote access, Web-based administration, and a wide array of standard email options such as filtering, signatures, real-time monitoring, archiving, and public email folders".

Several scripts (chgpwd.php, domain.php and user.php) that come with Winmail Server have been found to disclose sensitive information on the remote hosts.

Details
Vulnerable Systems:
* Winmail Server version 4.0 (Build 1112)

Exploit:
Access the following URL: http://127.0.0.1:6080/admin/chgpwd.php, as an alternative you can try and access the following pages domain.php, user.php found under the same directory.

Workaround:
You can edit c:\windows\winmail_php.ini change:
display_errors = On

To
display_errors = Off

Additional information
The information has been provided by GSS IT.