CVE-2022-25356 PoC — ALIN MDaemon Security Gateway 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-25356.yaml

Associated Vulnerability

Title:ALIN MDaemon Security Gateway 安全漏洞 (CVE-2022-25356)
Description:MDaemon Technologies ALIN MDaemon Security Gateway是美国MDaemon Technologies公司的一个电子邮件服务器的安全网关。 ALIN MDaemon Security Gateway 8.5.0版本及之前版本存在安全漏洞，该漏洞源于允许XML注入。

Description

Alt-n/MDaemon Security Gateway through 8.5.0 is susceptible to XML injection via SecurityGateway.dll?view=login. An attacker can inject an arbitrary XML argument by adding a new parameter in the HTTP request URL. As a result, the XML parser fails the validation process and discloses information such as protection used (2FA), admin email, and product registration keys.

File Snapshot


 id: CVE-2022-25356

info:
  name: Alt-n/MDaemon Security Gateway <=8.5.0 - XML Injection
  author: A

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!