
IceWarp WebClient - Remote Code Execution

By kannthu

Critical
Vidoc Module
#icewarp #rce
Description

What is "IceWarp WebClient - Remote Code Execution"?

The "IceWarp WebClient - Remote Code Execution" module is designed to detect the presence of a vulnerability in the IceWarp WebClient software that allows for remote code execution. IceWarp WebClient is a web-based email client that is used by organizations for email communication and collaboration.

This vulnerability is classified as critical and has a CVSS score of 10, indicating its severity. It can potentially allow an attacker to execute arbitrary code on the target system, leading to unauthorized access, data breaches, and potential system compromise.

This module was authored by gy741.

Impact

If successfully exploited, the "IceWarp WebClient - Remote Code Execution" vulnerability can have severe consequences. An attacker could gain unauthorized access to sensitive information, manipulate data, install malware, or even take control of the affected system. This can result in significant financial losses, reputational damage, and potential legal implications for the affected organization.

How does the module work?

The module works by sending a specific HTTP request to the IceWarp WebClient software and then analyzing the response to determine if the vulnerability is present. The request is designed to trigger the vulnerability and elicit a specific response from the target system.

One example of an HTTP request used by this module is:

POST /webmail/basic/ HTTP/1.1
Host: <Hostname>
Content-Type: application/x-www-form-urlencoded

_dlg[captcha][target]=system(\\'ver\\')\\

This request is sent to the target system, and the module then checks the response for specific conditions to confirm the presence of the vulnerability. The matching conditions used by this module include:

- The presence of the phrase "Microsoft Windows [Version" in the response body.
- A response status code of 302 (Found).

If both of these conditions are met, the module identifies the vulnerability as present in the IceWarp WebClient software.
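
A defender-side view of the same logic, as an added example that is not Vidoc's or the module author's code: it scans logged HTTP exchanges for the request shape shown above and applies the module's two matchers to the logged response. The record layout, the function names, the call-like heuristic and every sample record are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

PATH = "/webmail/basic/"               # request path used by the module
PARAM = "_dlg[captcha][target]"        # parameter that carries the injected expression
BANNER = "Microsoft Windows [Version"  # the module's word matcher
# Assumption: a legitimate value for PARAM never looks like a function call.
CALL_LIKE = re.compile(r"[A-Za-z_]\w*\s*\(")

def request_is_suspicious(method, path, body):
    """True when a POST to the webmail path carries a call-like PARAM value."""
    if method.upper() != "POST" or not path.startswith(PATH):
        return False
    # parse_qsl percent-decodes keys and values, so encoded brackets still match.
    fields = parse_qsl(body, keep_blank_values=True)
    return any(k == PARAM and CALL_LIKE.search(v) for k, v in fields)

def response_confirms(status, resp_body):
    """The module's two matching conditions, combined with AND."""
    return status == 302 and BANNER in resp_body

def classify(rec):
    """Return 'confirmed', 'attempt' or 'clean' for one logged exchange."""
    if not request_is_suspicious(rec["method"], rec["path"], rec["body"]):
        return "clean"
    if response_confirms(rec["status"], rec["resp"]):
        return "confirmed"   # request shape seen and both matchers hit
    return "attempt"         # request shape seen, response did not match

# Constructed sample records (hypothetical log layout, not real traffic).
SAMPLES = [
    {"method": "POST", "path": PATH, "status": 302,
     "body": r"_dlg[captcha][target]=system(\\'ver\\')\\",
     "resp": "Microsoft Windows [Version X.Y.Z]"},
    {"method": "POST", "path": PATH, "status": 200,
     "body": "_dlg%5Bcaptcha%5D%5Btarget%5D=system%28%27ver%27%29",
     "resp": ""},
    {"method": "POST", "path": PATH, "status": 302,
     "body": "username=alice&password=example", "resp": ""},
    {"method": "GET", "path": PATH, "status": 200, "body": "", "resp": ""},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(classify(rec), rec["method"], rec["path"])
```

An "attempt" verdict means the probe reached the server without the banner coming back, which is what a patched or non-Windows host would log.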

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions: word "Microsoft Windows [Version" and status 302
Passive global matcher: No matching conditions.
On match action: Report vulnerability