# CVE-2021-26294 Exploit
Directory Traversal in Afterlogic webmail aurora and pro .

Description: AfterLogic Aurora and WebMail Pro products with 7.7.9 and all lower versions are affected by this vulnerability, simply sending an HTTP GET request to WebDAV EndPoint with built-in “caldav_public_user@localhost” and it’s the predefined password “caldav_public_user” allows the attacker to read all files under the web root.

## Usage  
python3 http(s)://target:port