Google Search: “SquirrelMail version 1.4.4″ inurl:src ext:php
zawa rates this entry 2 out of 10.
Submitted: 2005-01-30 00:00:00
Added by: zawa
date :Jan 30 2005 this search reveal the src/webmail.php which would allow acrafted URL to include a remote web page. This was assigned CAN-2005-0103by the Common Vulnerabilities and Exposures.-what can possibly be done :*A possible cross site scripting issue exists in src/webmail.php that isonly accessible when the PHP installation is running with register_globalsset to On.*A possible local file inclusion issue was uncovered by one of ourdevelopers involving custom preference handlers. This issue is onlyactive if the PHP installation is running with register_globals set to On.
2005-02-04 09:02:53 (Deakster): Good but by removing the version number, you can find more:-
“SquirrelMail version” inurl:src ext:php
2005-02-04 20:18:38 (zawa): thanks for ur good Help :)
2005-02-06 06:51:42 (murfie): Deakster, our policy is to always include version numbers for the “advisories and vulnerabilities” category. :)