Mailman Information Disclosure

2020.12.04

Nano (US)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: Inurl:"mailman/listinfo" "mailman"

This vulnerable really only works for servers that have cpanel running or installed.

Top shared hosting sites that resell cpanel.
Godaddy,Namecheap,OVHNET

The leakage occurs when the Mailman Archives lead back to the origin server.

Directory : /mailman/listinfo/mailman
Exploiter : https://github.com/Proxysec/cloudssp

I found this about 2 years ago just always privated it.

This works for sites that use cloudflare.

Credits to Nano

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Mailman Information Disclosure

Dork: Inurl:"mailman/listinfo" "mailman"

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.