CVE-2005-3811

Magic Winmail Server < 4.2 - Directory Traversal and Arbitrary File Write via sid Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3811. PoCs published by rgod.

AI-analyzed exploit summary This exploit targets a directory traversal vulnerability in WinMail Server 4.4 build 1124 (WebMail) by uploading a malicious serialized session file to the server's temp directory. The exploit then uses this file to bypass authentication and create a new Super User account.

Description

Directory traversal vulnerability in admin/main.php in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to overwrite arbitrary files with session information via the sid parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/3622

View Code ZIP pw:eip

This exploit targets a directory traversal vulnerability in WinMail Server 4.4 build 1124 (WebMail) by uploading a malicious serialized session file to the server's temp directory. The exploit then uses this file to bypass authentication and create a new Super User account.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: WinMail Server 4.4 build 1124 (WebMail)

No auth needed

Prerequisites: Access to the target server's web interface · Ability to upload files to the server's temp directory

MITRE ATT&CK