Oliver's Blog: Yet Another Needless BLOG

15.8.2008

Multiple Vulnerabilities within MailScan Admin Interface

Filed under: Advisories, linkedin — oliver.karow @ 11:36

Today I'm going to publish an advisory regarding MailScan from Microworld. Microworld is a vendor of antivirus, anti-spyware and anti-spam solutions. MailScan itself is "the world's most advanced Real-Time Antivirus and AntiSpam solution for Mailservers"... at least that is what the company claims on its website.

MailScan now comes with a web interface, offering web-based administration. Unfortunately the web interface offers these services to hackers as well... I have not come across a product from a security products vendor that was as vulnerable as this one for a long time... it took me about 25 seconds to abuse the web interface to access all files on the system without authentication, via the stupid old directory traversal vulnerability...

Since this vuln seemed too lame to publish as a separate vulnerability, I took some more time to research the authentication and session handling... and I was surprised again...
There was none... ok, to be fair I have to say... almost none... Authentication was implemented via the cookie variables "user=admin" and "IsAdmin=true" 🙂
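The two flaws the post describes (privilege carried in client-set cookies, and file paths taken straight from the request) next to a hardened version, as an added example; this is illustrative code written for this post, not MailScan's, and the document root, the demo credential and the in-memory session store are constructed placeholders.

```python
import hmac
import os
import secrets
from http.cookies import SimpleCookie

# Constructed in-memory session store: token -> user record. A real admin
# interface would keep this in a database, but the principle is the same:
# the privilege level lives on the server, keyed by an unguessable token.
SESSIONS = {}
WEB_ROOT = os.path.abspath("/var/mailscan/www")  # assumed document root


def login(username, password):
    """Check credentials and issue a random session token (None on failure)."""
    # Constructed demo credential; a real service compares a password hash.
    if not (username == "admin" and hmac.compare_digest(password, "demo-secret")):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = {"user": username, "is_admin": True}
    return token


def is_admin_flawed(cookie_header):
    """The pattern the post describes: the client asserts its own privilege,
    so anyone who sets user=admin; IsAdmin=true is treated as an admin."""
    c = SimpleCookie(cookie_header)
    return ("user" in c and c["user"].value == "admin"
            and "IsAdmin" in c and c["IsAdmin"].value == "true")


def is_admin_hardened(cookie_header):
    """Only a token that login() issued maps to an admin record."""
    c = SimpleCookie(cookie_header)
    if "session" not in c:
        return False
    record = SESSIONS.get(c["session"].value)
    return bool(record and record["is_admin"])


def safe_path(requested):
    """Resolve a requested file against WEB_ROOT and refuse anything that
    escapes it, i.e. the directory traversal class the post mentions."""
    cleaned = requested.replace("\\", "/").lstrip("/")
    full = os.path.abspath(os.path.join(WEB_ROOT, cleaned))
    if os.path.commonpath([WEB_ROOT, full]) != WEB_ROOT:
        return None  # traversal attempt: refuse, log, do not serve
    return full
```

The flawed check is included only to make the contrast concrete: the same cookie string grants admin in one function and nothing in the other.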

There were a lot more vulns, which I stopped enumerating after a while because I got bored.
Some of them I added to the advisory, which you can find here:
mailscan.txt
