[32495] in bugtraq
Re: IA WebMail 3.x PoC Code
daemon@ATHENA.MIT.EDU (Peter Winter-Smith)
Wed Nov 19 18:33:02 2003
Date: 19 Nov 2003 14:49:41 -0000
Message-ID: <20031119144941.27770.qmail@sf-www1-symnsj.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Peter Winter-Smith <peter4020@hotmail.com>
To: bugtraq@securityfocus.com
Hello again,
I'm afraid that I have had a couple of reports which state that the
Proof of Concept code which I have written for IA WebMail does not work.
This is often due to the fact that I close the socket immediately as the
malicious data is sent, and so the server does not follow the sequence
of events needed to execute the code.
Please would you either insert a:
sleep(5);
Before the line:
close($victim);
This should solve the problem.
The new code can be downloaded intact from:
http://www.elitehaven.net/iawebmail.pl
Thank you for reading this,
-Peter Winter-Smith
