Exploit for Unrestricted Upload of File with Dangerous Type in Icewarp Mail Server CVE-2020-14065

Name: Exploit for Unrestricted Upload of File with Dangerous Type in Icewarp Mail Server CVE-2020-14065
Rating: 5 (56 reviews)

2020-06-13 | CVSS 6.5

## https://sploitus.com/exploit?id=D5824310-6AA6-52E1-B2AB-81C7ED05DBB0
# Icewarp Email Server 12.3.0.1 unlimited_file_upload
https://nvd.nist.gov/vuln/detail/CVE-2020-14065
## Introduction :
### first step:  login to your account and then change your profile picture.

### second step: send request to intruder, and add posiotion like below.
![alt text](https://github.com/networksecure/icewarp_unlimited_file_upload/blob/master/unlimi2.PNG)

### third step: send request to intruder, and add posiotion like below.  
![alt text](https://github.com/networksecure/icewarp_unlimited_file_upload/blob/master/unlimit1.PNG)

### forth step: start attack.
result: Look at the responses, as you can see all of files has been uploaded and you can access the file. the file upload location pattern is "upload_date-folder(random number)/file(random number)" Look at below image. 
![alt text](https://github.com/networksecure/icewarp_unlimited_file_upload/blob/master/unlimited%20upload%20file-1%20-%20Copy.PNG)