Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Pieterpost - access to "vitual" account
Date: Sat Nov 29 2003 - 08:08:39 CST
Hello bugtraq readers and writers !
name: PieterPost 0.10.6
about: "PieterPost is a webbased interface to a pop3 mailbox. It is designed to be
both small and easy to use"
what: entering url http://server.com/pp.php?action=login anyone can get access
to "virtual" account.
I don't think that can be a big vuln, but at this moment anyone can send spam
from such server and fake e-mail's. This work only with default configuration
(localhost as pop3 server) and weak MTA agent - posible to change From header
sending from localhost.