Axis StorPoint CD Access Control Vulnerability


Vulnerability ID: 1105732
Vulnerability type: Unknown
Published: 2000-03-01
Updated: 2005-05-16
CVE ID: CVE-2000-0191
CNNVD-ID: CNNVD-200002-084
Platform: Multiple
CVSS score: 10.0
|Vulnerability source
https://www.exploit-db.com/exploits/19784
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200002-084
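|Vulnerability details
A vulnerability exists in Axis StorPoint CD. A remote attacker can use a .. (dot dot) attack to access administrator URLs without authentication.
|Exploit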
source: http://www.securityfocus.com/bid/1025/info

Axis StorPoint CD and Axis StorPoint CD/T are CD ROM servers (actual hardware units) sold by Axis Communications. Both of these appliances support remote management via SNMP MIB-II and a private enterprise MIB, as well as from the web via a system-supplied webserver. With regard to the web-based administration, users can completely bypass authentication (username and password) by using a specific URL. The actual login page is located at:

http://server/config/html/cnf_gi.htm

However, by using:

http://server/cd/../config/html/cnf_gi.htm

a user sidesteps the login page and gains administrative access to the appliance.

http://server/cd/../config/html/cnf_gi.htm
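
The bypass above comes down to deciding access on the path as requested while serving the path as resolved. The sketch below is an added example, not code from the advisory or from Axis: it assumes (the advisory does not describe the firmware's logic) that login was enforced by a prefix match on the raw path, and shows that check beside one made on the canonical path, plus a helper that flags such requests in access logs. Function names and the third sample URL are constructed.

```python
import posixpath
from urllib.parse import unquote, urlsplit

PROTECTED_PREFIX = "/config/"  # admin pages, taken from the URLs in the advisory

# First two URLs are from the advisory; the third is constructed for contrast.
SAMPLE_URLS = [
    "http://server/config/html/cnf_gi.htm",
    "http://server/cd/../config/html/cnf_gi.htm",
    "http://server/cd/index.htm",
]


def needs_auth_naive(url):
    """Assumed flawed check: prefix match on the path exactly as requested."""
    return urlsplit(url).path.startswith(PROTECTED_PREFIX)


def canonical_path(url):
    """Return the path the file lookup will resolve: decoded, no '.' or '..'."""
    path = unquote(urlsplit(url).path).replace("\\", "/")
    # Rooting the path first means '..' can never climb above "/".
    return posixpath.normpath("/" + path.lstrip("/"))


def needs_auth_hardened(url):
    """Make the access decision on the canonical path, not the raw one."""
    path = canonical_path(url)
    return path + "/" == PROTECTED_PREFIX or path.startswith(PROTECTED_PREFIX)


def bypass_requests(urls):
    """Requests that resolve to an admin page but slip past the raw-path check."""
    return [u for u in urls if needs_auth_hardened(u) and not needs_auth_naive(u)]


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url, canonical_path(url), needs_auth_naive(url), needs_auth_hardened(url))
    print("flag in access logs:", bypass_requests(SAMPLE_URLS))
```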
|References

Source: BUGTRAQ
Name: 20000229Infosec.20000229.axisstorpointcd.a
Link: http://www.securityfocus.com/templates/archive.pike?list=1&msg;[email protected]
Source: BID
Name: 1025
Link: http://www.securityfocus.com/bid/1025
Source: OSVDB
Name: 19
Link: http://www.osvdb.org/19
