Active Server Corner ASP Calendar管理访问漏洞

Active Server Corner ASP Calendar管理访问漏洞

漏洞ID 1108340 漏洞类型 设计错误
发布时间 2004-12-14 更新时间 2005-10-20
图片[1]-Active Server Corner ASP Calendar管理访问漏洞-安全小百科CVE编号 CVE-2004-1400
图片[2]-Active Server Corner ASP Calendar管理访问漏洞-安全小百科CNNVD-ID CNNVD-200412-740
漏洞平台 ASP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/24838
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-740
|漏洞详情
ASPCalendar的控制面板不要求身份验证来访问,远程攻击者借助到main.asp的直接请求获取未经授权的访问。
|漏洞EXP
source: http://www.securityfocus.com/bid/11931/info

ASP Calendar is reported prone to an unauthorized administrative access vulnerability. An unauthorized remote attacker can access an administrative script and potentially gain administrative access to the application.

It is believed that this issue affects ASP Calendar Version 1. 

http://www.example.com/***/admin/main.asp
*** : directory of asp calendar
|参考资料

来源:XF
名称:asp-calendar-gain-access(18474)
链接:http://xforce.iss.net/xforce/xfdb/18474
来源:BID
名称:11931
链接:http://www.securityfocus.com/bid/11931
来源:BUGTRAQ
名称:20041214ASPCalendarVulnerability
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=110304839629822&w;=2

相关推荐: SuSE MkDir Error Handling rctab Race Condition Vulnerability

SuSE MkDir Error Handling rctab Race Condition Vulnerability 漏洞ID 1103471 漏洞类型 Race Condition Error 发布时间 2001-01-13 更新时间 2001-01-1…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享