Seattle Lab Emurl 2.0 Email Account Access Vulnerability


Vulnerability ID: 1105831 Vulnerability type: Access validation error
Published: 2000-05-15 Updated: 2005-05-02
CVE ID: CVE-2000-0397
CNNVD-ID: CNNVD-200005-054
Platform: Windows CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/19914
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200005-054
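|Vulnerability details
The EMURL web-based email account software encodes a predictable identifier in user session URLs. A remote attacker can exploit this vulnerability to access users' email accounts.
|Exploit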
source: http://www.securityfocus.com/bid/1203/info

Emurl software creates a unique identifier for each user, based on their account name. This identifier is encoded using the ASCII value of each character in the account name and augmented by its position. By using a specific URL along with a user's identifier, it is possible to retrieve that user's e-mail as well as view and change their account settings.

To read email:
http://target/scripts/emurl/RECMAN.dll?TYPE=RECIEVEMAIL&USER=<identifier>

To view/modify account settings:
http://target/scripts/emurl/MAKEHTML_M.dll?TYPE=USER&USER=<identifier>
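
The USER value described above is a pure function of the account name, so it works as a credential that never changes and needs no login to obtain. The following Python code is an added example of the corrected design, not code from the advisory or from Seattle Lab: the server issues a random token after authentication and maps it to the account itself. `SessionStore`, `is_name_derived` and the 900-second lifetime are assumptions made for illustration.

```python
import secrets
import time

SESSION_TTL = 900  # seconds; assumed idle timeout, not a value from the advisory


class SessionStore:
    """Hypothetical server-side store: random token -> (account, expiry)."""

    def __init__(self):
        self._sessions = {}

    def login(self, account, now=None):
        """Issue a fresh token. Call only after the password check succeeds."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[token] = (account, now + SESSION_TTL)
        return token

    def resolve(self, presented, now=None):
        """Return the account bound to a live token, or None."""
        now = time.time() if now is None else now
        entry = self._sessions.get(presented)
        if entry is None:
            return None  # unknown value: nothing derived from a name is ever valid
        account, expiry = entry
        if now >= expiry:
            del self._sessions[presented]  # expired tokens cannot be replayed
            return None
        return account

    def logout(self, token):
        self._sessions.pop(token, None)


def is_name_derived(issue, account="alice", trials=3):
    """Regression check: True if every login of one account gets the same identifier."""
    return len({issue(account) for _ in range(trials)}) == 1


if __name__ == "__main__":
    store = SessionStore()
    # Constructed stand-in for a name-derived scheme (not Emurl's actual encoding).
    print("name-derived issuer flagged:", is_name_derived(lambda a: a.encode().hex()))
    print("random issuer flagged:", is_name_derived(store.login))
```

`is_name_derived` can be pointed at any session-issuing function in a test suite to catch identifiers that repeat across logins of the same account.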
|References

Source: BID
Name: 1203
Link: http://www.securityfocus.com/bid/1203
Source: BUGTRAQ
Name: 20000515 Vulnerability in EMURL-based e-mail providers
Link: http://archives.neohapsis.com/archives/bugtraq/2000-05/0160.html
