By kannthu
The "IceWarp WebClient - Remote Code Execution" module is designed to detect the presence of a vulnerability in the IceWarp WebClient software that allows for remote code execution. IceWarp WebClient is a web-based email client that is used by organizations for email communication and collaboration.
This vulnerability is classified as critical and has a CVSS score of 10, indicating its severity. It can potentially allow an attacker to execute arbitrary code on the target system, leading to unauthorized access, data breaches, and potential system compromise.
This module was authored by gy741.
If successfully exploited, the "IceWarp WebClient - Remote Code Execution" vulnerability can have severe consequences. An attacker could gain unauthorized access to sensitive information, manipulate data, install malware, or even take control of the affected system. This can result in significant financial losses, reputational damage, and potential legal implications for the affected organization.
The module works by sending a specific HTTP request to the IceWarp WebClient software and then analyzing the response to determine if the vulnerability is present. The request is designed to trigger the vulnerability and elicit a specific response from the target system.
One example of an HTTP request used by this module is:
POST /webmail/basic/ HTTP/1.1
Host: <Hostname>
Content-Type: application/x-www-form-urlencoded

_dlg[captcha][target]=system(\\'ver\\')\\
This request is sent to the target system, and the module then checks the response for specific conditions to confirm the presence of the vulnerability. The matching conditions used by this module include:
- The presence of the phrase "Microsoft Windows [Version" in the response body.
- A response status code of 302 (Found).

If both of these conditions are met, the module identifies the vulnerability as present in the IceWarp WebClient software.
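
The same request shape and matching conditions can be applied defensively to traffic a reverse proxy or WAF has already logged. The sketch below is an added example, not code from the module or from Vidoc. It separates a probe that was merely attempted from one where both matcher conditions held. The record layout, the function names, the call-like regex and the sample records are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

PATH = "/webmail/basic/"                # endpoint from the request on this page
PARAM = "_dlg[captcha][target]"         # parameter carrying the payload
BANNER = "Microsoft Windows [Version"   # body matcher used by the module
CALL_LIKE = re.compile(r"[A-Za-z_]\w*\s*\(")  # assumption: value shaped like a call

def classify(rec):
    """Return 'clean', 'attempt' or 'confirmed' for one logged HTTP exchange."""
    if rec["method"].upper() != "POST":
        return "clean"
    if not urlsplit(rec["path"]).path.lower().startswith(PATH):
        return "clean"
    # parse_qsl percent-decodes names, so %5B/%5D-encoded brackets still match.
    params = dict(parse_qsl(rec["req_body"], keep_blank_values=True))
    value = params.get(PARAM)
    if value is None or not CALL_LIKE.search(value):
        return "clean"
    # Both module conditions must hold: 302 status AND the Windows banner.
    if rec["status"] == 302 and BANNER in rec["resp_body"]:
        return "confirmed"
    return "attempt"

def triage(records):
    """Return (index, verdict) for every record that is not clean."""
    return [(i, v) for i, r in enumerate(records) if (v := classify(r)) != "clean"]

# Constructed sample records, not real traffic.
SAMPLE = [
    {"method": "POST", "path": "/webmail/basic/", "status": 302,
     "req_body": "_dlg[captcha][target]=system(\\'ver\\')\\",
     "resp_body": "\r\nMicrosoft Windows [Version 10.0.0.0]\r\n"},
    {"method": "POST", "path": "/webmail/basic/", "status": 200,
     "req_body": "_dlg%5Bcaptcha%5D%5Btarget%5D=system(%5C'ver%5C')%5C",
     "resp_body": "<html>login</html>"},
    {"method": "POST", "path": "/webmail/basic/", "status": 302,
     "req_body": "username=alice&password=example", "resp_body": ""},
    {"method": "GET", "path": "/webmail/basic/", "status": 302,
     "req_body": "", "resp_body": ""},
]

if __name__ == "__main__":
    for index, verdict in triage(SAMPLE):
        print(index, verdict)
```

A "confirmed" verdict means the logged response satisfied both of the module's conditions and the host should be treated as compromised; an "attempt" verdict means the request matched but the response did not.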