Smartermail 6919 Exploit Jun 2026

After searching online for an exploit targeting SmarterMail 6919, I found a relevant entry on ExploitDB. Muhammad Ichwan

The vulnerable application interprets this request, sees the IsSysAdmin flag, and resets the password for the admin user (or any specified administrator) without requiring the old password for verification.

Using a simple tool like curl or a Python script, the attacker sends a request that looks something like this (simplified for clarity):

tracked as CVE-2019-7214, which impacts SmarterTools SmarterMail enterprise email software version 16.x and builds prior to Build 6985.

The exploit was discovered and responsibly disclosed by security researchers in late 2020. By January 2021, SmarterTools (the developer) had released a patched version—SmarterMail Build 7494. The patch corrected the path-traversal vulnerability by implementing strict input validation and moving all downloadable files to a secured, non-executable directory.

Understanding the SmarterMail Build 6919 Remote Code Execution Exploit

The server processes the payload automatically without prompting for credentials, initiating an outbound connection back to the attacker with complete operating system control.

Remediation and Mitigation Strategies

# Run this command on the server host to check what IP address port 17001 is listening on
netstat -ano | findstr 17001

A public module for this exploit is available in the Metasploit Framework.

By default, vulnerable installations bind three unauthenticated .NET remoting endpoints to external traffic:

Port: 17001 (TCP)
Endpoints: /Servers, /Mail, /Spool
