Skip to content

networksecure/CVE-2020-14064

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 

Icewarp Email Server 12.3.0.1 incorrect_access_control

https://nvd.nist.gov/vuln/detail/CVE-2020-14064

Introduction :

first step: Login to your account and then send request to delete whole inbox and capture this request with Burp suit. (security is attacker account)

alt text

second step: Sniff your local network, may be your office and find a ice warp account and its SID.

third step: Replace your SID and username with victim SID and username and then send the request. (security2 is victim account)

alt text

result: victim's Inbox has been deleted.

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published