MailWorks Professional远程验证绕过漏洞

MailWorks Professional远程验证绕过漏洞

漏洞ID 1108159 漏洞类型 访问验证错误
发布时间 2004-09-02 更新时间 2005-10-20
图片[1]-MailWorks Professional远程验证绕过漏洞-安全小百科CVE编号 CVE-2004-1661
图片[2]-MailWorks Professional远程验证绕过漏洞-安全小百科CNNVD-ID CNNVD-200409-007
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/24565
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200409-007
|漏洞详情
MailWorksProfessional是一款邮件列表管理应用程序。MailWorksProfessional在处理COOKIE认证实现中存在问题,远程攻击者可以利用这个漏洞绕过验证以管理员权限访问应用程序。攻击者可以更改COOKIE信息,把auth设置为1,而把uId设置为任何想要登录的用户,可以绕过MailWorksProfessional的验证访问应用程序。
|漏洞EXP
source: http://www.securityfocus.com/bid/11095/info

MailWorks Professional is reported prone to an authentication bypass vulnerability.

The application uses cookies to store variables that determine the status of the authentication process. An attacker browsing the web application using specially crafted cookie data is able to bypass the authentication process to access the site as an administrative user.

This vulnerability allows a remote attacker to gain administrative access to the affected application.

Cookie: auth=1; uId=1
|参考资料

来源:XF
名称:mailworks-cookie-admin-access(17217)
链接:http://xforce.iss.net/xforce/xfdb/17217
来源:BID
名称:11095
链接:http://www.securityfocus.com/bid/11095
来源:SECUNIA
名称:12458
链接:http://secunia.com/advisories/12458
来源:BUGTRAQ
名称:20040902MailWorksProfessional-Authenticationbypass
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=109416709710447&w;=2

相关推荐: fetchmail fetchmailconf漏洞

fetchmail fetchmailconf漏洞 漏洞ID 1205340 漏洞类型 后置链接 发布时间 2001-09-06 更新时间 2001-09-06 CVE编号 CVE-2001-1378 CNNVD-ID CNNVD-200109-015 漏洞平…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享