CVE-2000-1100
PostACI Webmail - Information Disclosure via Direct HTTP GET Request
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2000-1100. PoCs published by Michael R. Rudel.
AI-analyzed exploit summary This is a writeup describing an information disclosure vulnerability in Postaci Webmail where the database credentials are stored in a world-readable file accessible via a web browser. The exploit involves retrieving the global.inc file to gain unauthorized database access.
Description
The default configuration for PostACI webmail system installs the /includes/global.inc configuration file within the web root, which allows remote attackers to read sensitive information such as database usernames and passwords via a direct HTTP GET request.
Exploits (1)
This is a writeup describing an information disclosure vulnerability in Postaci Webmail where the database credentials are stored in a world-readable file accessible via a web browser. The exploit involves retrieving the global.inc file to gain unauthorized database access.