Share
## https://sploitus.com/exploit?id=19DA4415-8E74-5A3D-A607-9C4C2078F697
# CVE-2021-26294 Exploit
Directory Traversal in Afterlogic webmail aurora and pro .

Description: AfterLogic Aurora and WebMail Pro products with 7.7.9 and all lower versions are affected by this vulnerability, simply sending an HTTP GET request to WebDAV EndPoint with built-in “caldav_public_user@localhost” and it’s the predefined password “caldav_public_user” allows the attacker to read all files under the web root.

## Usage  
```bash
python3 CVE-2021-26294.py http(s)://target:port
```