Macallan Mail Solution Web接口验证绕过漏洞

25次阅读
没有评论

Macallan Mail Solution Web接口验证绕过漏洞

漏洞ID 1107713 漏洞类型 访问验证错误
发布时间 2004-02-12 更新时间 2005-10-20
Macallan Mail Solution Web接口验证绕过漏洞CVE编号 CVE-2004-2071
Macallan Mail Solution Web接口验证绕过漏洞CNNVD-ID CNNVD-200412-452
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/23687
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-452
|漏洞详情
MacallanMailSolution是一款基于WEB的邮件解决方案。MacallanMailWEB管理接口不正确处理部分HTTPGET请求,远程攻击者可以利用这个漏洞未授权访问管理接口。提交类似如下的请求:http://www.example.com//admin.html可绕过访问限制,直接访问管理接口,对应用程序进行控制。
|漏洞EXP
source: http://www.securityfocus.com/bid/9646/info

A vulnerability has been reported in Macallan Mail Solution that may permit remote attackers to bypass authentication for the web interface. This may be exploited by submitting a specially crafted HTTP GET request for the administration page of the web interface.

There are conflicting reports from the vendor that state that the attacker will not be able to perform any administrative actions after bypassing authentication.

This issue was reported in version 2.8.4.6(Build 260). Other versions may also be affected.

http://www.example.com//admin.html
|参考资料

来源:XF
名称:macallan-gain-unauthorized-access(15194)
链接:http://xforce.iss.net/xforce/xfdb/15194
来源:BID
名称:9646
链接:http://www.securityfocus.com/bid/9646
来源:OSVDB
名称:3926
链接:http://www.osvdb.org/3926
来源:SECTRACK
名称:1009030
链接:http://securitytracker.com/id?1009030
来源:SECUNIA
名称:10861
链接:http://secunia.com/advisories/10861
来源:NSFOCUS
名称:6045
链接:http://www.nsfocus.net/vulndb/6045

相关推荐: K-COLLECT CSV_DB.CGI/i_DB.CGI Remote Command Execution Vulnerability

K-COLLECT CSV_DB.CGI/i_DB.CGI Remote Command Execution Vulnerability 漏洞ID 1096427 漏洞类型 Input Validation Error 发布时间 2005-06-24 更新时间…

正文完
 0