logo Home

Untitled Document

Home > Archives Advisories > Articles

Untitled Document

Untitled Document

Path disclosure and file access on WebAdmin
Date: 2003-04-27

Author : David A. Pérez <david@kamborio.net>

WebAdmin is a web application to administer MDaemon and RelayFax. It can be
run on its own or as an ISAPI application under Microsoft Internet
Information Services (IIS). MDaemon is an e-mail server for Microsoft
Windows. RelayFax is a fax server also for Microsoft Windows. Both
applications have been developed by the same company than WebAdmin, Alt-N
Technologies (http://www.altn.com/), and is not included by default with
MDaemon, nor with RelayFax.

WebAdmin provides access to the configuration and log files of MDaemon and
RelayFax. The web page that lists all the files provide access to these
files through a hyperlink similar to:


This URL discloses the location where MDaemon or RelayFax is installed.

Also, the WebAdmin.dll does not validate the user input allowing him to
craft the URL to access any file. For example:


- The vulnerability would not enable an attacker to gain any privileges on
an affected computer.

- An attacker will need to be able to logon with administrative permissions
to WebAdmin.

- If WebAdmin it is running under IIS only the files accessible by the user
IWAM_MACHINE can be read.

Vendor notified on April 10, 2003.
Vendor replied on April 10, 2003.

WebAdmin 2.0.3 is available since April 14, 2003. This new version patches
the "file access" problem but still reveals the directory where MDaemon or
RelayFax are installed.

David A. Pérez
_ _ _


arrowSearch Advisories


Free weekly Newsletter.

Please enter your email address here:
arrowReport Vulnerability

If you've found a vulnerability please
click here to report it.


About Us | Contact Us | Advertise | email | Backend flag
Copyright © 2016-2017 Security Corporation - All Rights Reserved - Legal - Privacy Policy