AfterLogic Aurora and WebMail Pro < 7.7.9 - Full Path Disclosure (CVE-2021-26292)
收藏pentest-tools.com2025-03-26 收录
下载链接:
https://pentest-tools.com/vulnerabilities-exploits/undefined
下载链接
链接失效反馈官方服务:
资源简介:
AfterLogic Aurora and WebMail Pro products with 7.7.9 and all lower versions are affected by this vulnerability, simply sending an HTTP DELETE request to WebDAV EndPoint with built-in “caldav_public_user@localhost” and it’s the predefined password “caldav_public_user” allows the attacker to obtain web root path.
AfterLogic Aurora及WebMail Pro产品系列,自7.7.9版本起及所有低于该版本的版本,均受此漏洞影响。攻击者仅需向内置的“caldav_public_user@localhost”WebDAV端点发送一个HTTP DELETE请求,并使用预设密码“caldav_public_user”,即可获取网站根目录路径。
提供机构:
pentest-tools.com
