Coremail mail system configuration file disclosure vulnerability

The Coremail mail system has been under development since 1999 and is China's first Chinese-language mail system. It now has over one billion end users in mainland China. NetEase, the CDC mail system and other operators have used it to this day, and it is also widely used by government, public institutions, science, education, business and other organizations.

In June 2019, word spread on the Internet of a configuration file disclosure vulnerability in the Coremail mail system that allows the contents of the mail system's configuration file to be obtained without authentication.

Vulnerability announcement on the official Coremail website: "Statement on Coremail mail system security issues", http://www.coremail.cn/About/news_x/article_id/32641.htm

Affected versions: Coremail XT 3.0.1 through XT 5.0.9. The vulnerability has been fixed in XT 5.0.9a and above.

PoC:

http://mail.xxxxx.com/mailsms/s?func=ADMIN:appState&dumpConfig=/
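
For defenders checking whether this request pattern has already reached a server, the following added example (not part of the original post and not Coremail code) scans web access log lines for the PoC request shape. The log format, the sample lines, the IP addresses and the case-insensitive matching are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumed common/combined access-log layout: ip ... "METHOD target HTTP/x" status
LOG_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Jun/2019:10:01:02 +0800] "GET /mailsms/s?func=ADMIN:appState&dumpConfig=/ HTTP/1.1" 200 48211',
    '203.0.113.7 - - [14/Jun/2019:10:01:05 +0800] "GET /mailsms/s?dumpConfig=%2F&func=ADMIN%3AappState HTTP/1.1" 403 199',
    '198.51.100.20 - - [14/Jun/2019:10:02:11 +0800] "GET /index.html HTTP/1.1" 200 5120',
    '192.0.2.33 - - [14/Jun/2019:10:03:40 +0800] "GET /mailsms/s?func=OTHER:state HTTP/1.1" 200 312',
]

def is_dumpconfig_probe(target):
    """True if the request target has the shape of the PoC on this page:
    path /mailsms/s with func=ADMIN:appState and a dumpConfig parameter."""
    parts = urlsplit(target)
    # Decode the path, drop any ";param" suffix, compare case-insensitively.
    path = unquote(parts.path).split(";")[0].rstrip("/").lower()
    if path != "/mailsms/s":
        return False
    # parse_qs percent-decodes, so ADMIN%3AappState and reordered params match too.
    params = {k.lower(): v for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    funcs = [f.lower() for f in params.get("func", [])]
    return "admin:appstate" in funcs and "dumpconfig" in params

def scan(lines):
    """Return (ip, status, target) for every log line that matches the pattern."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_dumpconfig_probe(m.group("target")):
            hits.append((m.group("ip"), int(m.group("status")), m.group("target")))
    return hits

if __name__ == "__main__":
    for ip, status, target in scan(SAMPLE_LOG):
        # A 200 means the server answered the request; review it first.
        verdict = "answered, review for disclosure" if status == 200 else "not served"
        print(f"{ip} {status} {verdict}: {target}")
```

Any hit with a 200 status on a version in the affected range is worth treating as a possible disclosure of the configuration file contents.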

 


Origin www.cnblogs.com/dgjnszf/p/11031932.html