smtp4dev-interface-exposed: SMTP4Dev Interface - Exposed

漏洞描述

PoC代码[已公开]

id: smtp4dev-interface-exposed

info:
  name: SMTP4Dev Interface - Exposed
  author: DhiyaneshDk
  severity: high
  description: |
    Publicly exposed smtp4dev interface allowing access to intercepted emails and test configurations.
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"smtp4dev"
  tags: smtp4dev,misconfig,exposure,mail,interface,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    host-redirects: true
    max-redirects: 2

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<title>smtp4dev</title>"
        case-insensitive: true

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100872872eefbf60c7b46a6805781f196d2cd31f4f619fa1c27a42d684f67dd56b20220613b922dcebdfae8740b68d898ace83693456ea9a2c94e052e0095dbe5a2abf5:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• POC vtigercrm-exposed-directory: Vtiger CRM - Exposed Directory
• 新中大ERP企业管理软件 /filesrv/NGInterface/Index SQL 注入漏洞
• wanhu-evointerfaceservlet-unauth: 万户 OA 未授权访问获取所有账户密码
• wordpress-install: WordPress Exposed Installation
• POC CVE-2020-12447: Onkyo TX-NR585 Web Interface - Directory Traversal
• POC CVE-2020-13937: Apache Kylin - Exposed Configuration File
• POC CVE-2020-2036: Palo Alto Networks PAN-OS Web Interface - Cross Site-Scripting
• POC CVE-2022-48197: Yahoo User Interface library (YUI2) TreeView v2.8.2 - Cross-Site Scripting
• POC CVE-2024-0012: PAN-OS Management Web Interface - Authentication Bypass
• POC CVE-2024-52762: Ganglia Web Interface (v3.7.3 - v3.7.6) - Cross-Site Scripting
• POC CVE-2024-52763: Ganglia Web Interface (v3.7.3 - v3.7.5) - Cross-Site Scripting
• POC CVE-2024-9474: PAN-OS Management Web Interface - Command Injection
• POC CVE-2025-0108: PAN-OS Management Interface - Path Confusion to Authentication Bypass