Youyou mailgard webmail Arbitrary File Upload causes getshell (no login required)
1. Unauthorized access to some files (accessible without logon)
Files that do not include global.php from the root directory can be accessed directly, without being redirected to the login interface. You can therefore search for files that may allow unauthorized access:
$ find -name "*.php" | xargs grep -L -E "^require_once.+(\.\.\/global|[^/]global)\.php.+;$"
Remove useless files and
# Setting up a webmail Mail Server #
1. Disable sendmail installed by default in the system:
[root@red4 ~]# service sendmail stop
Disable sendmail: [failure]
[root@red4 ~]#
[root@red4 ~]# chkconfig --level 35 sendmail off
[root@red4 ~]#
[root@red4 ~]# chkconfig --list sendmail
sendmail 0: Close 1: Close 2: Close 3: Close 4: Close 5: Close 6: Close
[root@red4 ~]#
2. Install the mail service package
[root@red4 ~]# yum list | grep pos
RH9 comes with a webmail client written in PHP that provides a web interface on top of Sendmail. The configuration method is also very simple: as long as you follow the steps below, you can easily build a web mail server for yourself (about 10 minutes or so!)
1. Configure DNS
Add resolution (DNS) records for mail.xxx.com and for messages, to simplify the mail address to the user@xxx.com format.
2. Configure httpd
Use gedit (which I have always used) to edit the /etc/htt
Meta and link in HTML5 mobile development
Some webkit exclusive header tags in HTML5 mobile development can help browsers better parse HTML code and provide better front-end performance and experience for HTML5 mobile
The following is an excerpt from the Readme document of an upgrade package
Download and Install Patch Updates
Refer to the My Oracle Support web site for required patch updates for your installation.
Note: Browsers
Note: Because the notepad format is ANSI, UTF-8 format is not supported. It must be saved using UltraEdit or other similar tools.
Right-click "options" and click "script" to add the JS script.
The Netease script is saved as a 163.js file.
/******************
They said that they have been in the Web 2.0 era for a long time (N provinces).
Why are they still stuck in ASP?
They also said ~~~ (Hey, I am hiding)
************** You have not finished talking about it. ****************/
3. Installation steps:
The author assumes that you have Apache+php+mysql+imap installed in your Linux system and that Twig has already been downloaded to your home directory. Now let's start the installation action!
1. Copy twig from home directory
Log in through the web with an existing account on the system, and you will see the following screen. By default, Twig provides: homepage | Mail | News | Address Book | Itinerary | Conference | Work | Notes | Bookmark | module | Description | Logout
Release date:
Updated on:
Affected Systems: HiveMail 1.x
Description:
Bugtraq id: 55102
HiveMail is a Web post office system that uses PHP foreground programs and MySQL
1. Roundcube
Roundcube Webmail is a browser-based IMAP client that offers a rich range of features including MIME, Address Book, folder manipulation, mail search and spell checking. Roundcube Webmail is written in PHP and requires support from MySQL
I. Databases
Supports multiple users. A role table (mailrole) and a user table (mailuser) are required;
Supports multiple folders. A folder table (mailfolder) is required;
Multi-Mailbox settings are supported. A mailbox setting table
Above, we've seen the two files config.inc.php3 and dbconfig.inc.php3. If you have other needs, you can change the settings by modifying the options in these files. Let's take a look at some other more practical examples.
For example, if
First, the preparatory work before installation:
Pre-installation instructions: The mail service relies on the DNS service, so make sure beforehand that your DNS service has been configured for the mail application.
1, install
Oracle Product Services and Technology level introduction
Many friends ask what the difference is between genuine Oracle database products and pirated ones. In fact, from the product technology itself, the difference is not small: you can download a database product from the OTN website, and then install and use it. The biggest difference between genuine and pirated is that if you buy a genuine product you can enjoy the services provided by Oracle; once the database has a problem, you can have Oracle's technical staff solve it. Then Oracle specific se
website.
2. The hmailserver 5.3 Chinese package can be found online. It is actually very simple: it is just an .ini file.
3. wampserver 2.0, a simple and practical server software for Apache + MySQL + PHP on Windows, which can be downloaded from the wampserver official website. If you only need to implement the hmailserver function, you do not need wampserver, but here I added webmail support, so PHP support is required.
4.