CVE-2021-26294 Exploit

Directory Traversal in Afterlogic webmail aurora and pro .

Description: AfterLogic Aurora and WebMail Pro products with 7.7.9 and all lower versions are affected by this vulnerability, simply sending an HTTP GET request to WebDAV EndPoint with built-in “[email protected]” and it’s the predefined password “caldav_public_user” allows the attacker to read all files under the web root.

Usage

python3 CVE-2021-26294.py http(s)://target:port

GitHub

View Github