.. / CVE-2011-0049

Exploit for Majordomo2 - SMTP/HTTP Directory Traversal (CVE-2011-0049)

Description:

A directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.

Nuclei Template

View the template here CVE-2011-0049.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2011/CVE-2011-0049.yaml

References:

http://www.kb.cert.org/vuls/id/363726
https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481
https://nvd.nist.gov/vuln/detail/CVE-2011-0063
http://securityreason.com/securityalert/8061
https://www.exploit-db.com/exploits/16103

.. / CVE-2011-0049 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Majordomo2 - SMTP/HTTP Directory Traversal (CVE-2011-0049)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2011-0049