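Related vulnerability
Title:
Roundcube Webmail security vulnerability
(CVE-2025-49113)
Description: Roundcube Webmail is an open-source, browser-based IMAP client from Roundcube. It supports address book management, message search, spell checking, and more. Roundcube Webmail versions before 1.5.10 and versions before 1.6.11 contain a security vulnerability that stems from the _from parameter not being validated, which can lead to a PHP object deserialization attack.
Introduction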
# Cybersecurity Challenge Environment
> 🧠 **This challenge environment is provided for the [HackMeLocal.com](https://hackmelocal.com) community** — a platform for hands-on cybersecurity learning.
**⚠️ WARNING: This application is intentionally vulnerable and for educational purposes only.** Do not deploy it in a production or public-facing environment. It is designed for security simulation and training.
This repository provides a self-contained web challenge that can be run easily with Docker.
---
## 🚀 Getting Started
You can run this challenge environment in two easy ways:
* ✅ **Option 1:** Run locally with Docker
* ✅ **Option 2:** Run online with GitHub Codespaces
---
## 🖥️ Option 1: Run Locally (Using Docker)
### ✅ Requirements
* [Docker Desktop](https://www.docker.com/products/docker-desktop)
* [Git](https://git-scm.com/downloads)
### 🔧 Steps
1. Clone this repository:
```bash
# Replace the URL with the one for this specific repository
git clone <repository_url>
cd <repository_directory>
```
2. Start the application environment:
```bash
docker compose up
```
3. Open your browser and visit the local address, which is typically:
```
http://localhost:8000
```
*(Note: The port may vary. Check the `docker-compose.yml` file if 8000 doesn't work.)*
---
## ☁️ Option 2: Run in GitHub Codespaces (No Installation Needed)
1. Click the green **`Code`** button on this repository's GitHub page.
2. Select the **`Codespaces`** tab.
3. Click **`Create codespace on main`**.
4. Once the environment loads, a terminal will be available. Run the following command:
```bash
docker compose up
```
5. GitHub will automatically detect the running service and show a pop-up to open the application in a new browser tab.
---
## 🎯 Purpose of This Environment
This project is a self-contained, **intentionally vulnerable application** designed for:
* Practicing web application security skills.
* Learning to identify and exploit common vulnerabilities in a safe, legal environment.
* Serving as a ready-to-run CTF (Capture The Flag) challenge for simulation.
---
## ⚠️ Critical Security Disclaimer
This software is **designed to be vulnerable**. It is provided for educational and research purposes only.
**DO NOT** deploy this application on a public network or in a production environment. You are solely responsible for any and all actions you take with this code and for securing the environment in which it runs. The creators and contributors are not liable for any misuse or damage.
---
## 🤝 Community & Learning
This challenge is part of the learning ecosystem at **[HackMeLocal.com](https://hackmelocal.com)**. We encourage you to explore other challenges, learn new techniques, and join the community.
File snapshot
[4.0K] /data/pocs/a9834fc0ae7e3b630bd2bb1f319a38f9c8be54df
├── [ 956] docker-compose.yml
├── [4.8K] installer.sh
└── [2.8K] README.md
0 directories, 3 files