_OTHER_ Holes:
1) This will reveal the path to PHP directory and other...maybe
interesting to someone, I didn't really care but decided to include
it. The problem is in options.php.
http://<VULNERABLE
SITE>.net/webmail/src/options.php?optpage=<script>alert('boop!')</script>
it returns the following on the page for the server I tested:
Fatal error: Failed opening required ''
(include_path='.:/php/includes:/usr/share/php') in
/var/www/squirrelmail/src/options.php on line 172
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3651
7612ce4b-ef26-0410-bec9-
ea0150e637f0
projects / squirrelmail.git / commit