Macromedia JRun Administration Authentication Bypass Vulnerability

Vulnerability ID: 1106822
Vulnerability type: Input validation
Published: 2002-06-28
Updated: 2005-05-02
CVE ID: CVE-2002-0665
CNNVD-ID: CNNVD-200207-063
Platform: Windows
CVSS score: 10.0
|Vulnerability source
https://www.exploit-db.com/exploits/21582
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200207-063
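|Vulnerability details
The Macromedia JRun Administration Server contains a vulnerability. A remote attacker can bypass authentication on the login form by adding an extra slash (/) to the URL.
|Exploit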
source: http://www.securityfocus.com/bid/5118/info

Macromedia JRun is prone to an issue which may allow remote attackers to bypass the authentication page for the admin server. This may be exploited by adding an extraneous '/' to a request for the administrative authentication page.

http://JRun-Server:8000//welcome.jsp?&action=stop&server=default

will shut down the 'default' JRun server instance on port 8100. Other administrative functions can also be accessed.
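To check whether an admin server has already received requests of this shape, the following added example (not part of the original advisory) scans access-log lines for request paths that contain an extra slash and reports the admin action requested. The Common Log Format layout, the function names and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs

# Assumed layout: Common Log Format. The page does not describe JRun's own
# admin-server log format, so adapt the pattern to the logs actually collected.
CLF = re.compile(r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
                 r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def split_target(target):
    """Split a request target into (path, query).

    urllib.parse.urlsplit is deliberately avoided: it treats a target that
    starts with '//' as a network location, so '//welcome.jsp' would yield an
    empty path and the extra slash would be missed.
    """
    path, _, query = target.partition("?")
    return path, query

def find_extra_slash_requests(lines):
    """Return one finding per request whose path has an empty segment ('//')."""
    findings = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a request line in the assumed format
        path, query = split_target(m["target"])
        if "//" not in path:
            continue  # '//' inside the query string alone is not a match
        params = parse_qs(query)  # tolerates the stray leading '&' in the URL above
        findings.append({
            "client": m["client"],
            "path": path,
            "action": params.get("action", [None])[0],
            "server": params.get("server", [None])[0],
            "status": int(m["status"]),
        })
    return findings

# Constructed sample lines: documentation addresses, invented times, sizes, statuses.
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Jun/2002:10:01:02 +0000] "GET /welcome.jsp HTTP/1.0" 200 900',
    '192.0.2.44 - - [28/Jun/2002:10:03:17 +0000] '
    '"GET //welcome.jsp?&action=stop&server=default HTTP/1.0" 200 512',
    '192.0.2.10 - - [28/Jun/2002:10:05:00 +0000] '
    '"GET /index.jsp?next=http://example.test/ HTTP/1.0" 200 300',
]
```

Calling `find_extra_slash_requests(SAMPLE_LOG)` returns a single finding, for the second line.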
|References

Source: www.macromedia.com
Link: http://www.macromedia.com/v1/handlers/index.cfm?ID=23164
Source: BID
Name: 5118
Link: http://www.securityfocus.com/bid/5118
Source: XF
Name: jrun-forwardslash-auth-bypass(9450)
Link: http://www.iss.net/security_center/static/9450.php
Source: BUGTRAQ
Name: 20020628 wp-02-0009: Macromedia JRun Admin Server Authentication Bypass
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=102529402127195&w=2
Source: VULNWATCH
Name: 20020628 [VulnWatch] wp-02-0009: Macromedia JRun Admin Server Authentication Bypass
Link: http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0133.html
