Ocean12 ASP Calendar Manager Authentication Bypass Vulnerability

Vulnerability ID: 1109209 | Vulnerability type: Access validation error
Published: 2005-11-04 | Updated: 2006-08-28
CVE ID: CVE-2005-4657 | CNNVD-ID: CNNVD-200512-653
Platform: ASP | CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/26473
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200512-653
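|Vulnerability details
Ocean12 Calendar Manager Pro 1.01 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to /admin/view.asp.
|Vulnerability EXP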
source: http://www.securityfocus.com/bid/15329/info

Ocean12 ASP Calendar Manager is prone to an authentication bypass vulnerability. This is due to an access validation error in the application.

The application does not properly verify access privileges and allows the attacker to gain access to restricted data.

Version 1.01 is affected; other versions may also be vulnerable.

http://www.example.com/admin/view.asp
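
A log check for the direct-request bypass described above, added here as an example and not taken from the advisory or the vendor: it scans IIS W3C extended logs for 200 responses on /admin/ ASP pages served to sessions with no earlier successful login. The login script name, the redirect-on-success status and the log lines are constructed assumptions.

```python
import re

ADMIN_PREFIX = "/admin/"
LOGIN_PATH = "/admin/login.asp"  # assumption: hypothetical login script name
LOGIN_OK_STATUS = "302"          # assumption: a successful login redirects

# Constructed IIS W3C extended log lines (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time c-ip cs-method cs-uri-stem sc-status cs(Cookie)
2005-11-04 10:00:01 192.0.2.10 GET /admin/login.asp 200 -
2005-11-04 10:00:05 192.0.2.10 POST /admin/login.asp 302 ASPSESSIONIDAAAA=S1
2005-11-04 10:00:06 192.0.2.10 GET /admin/view.asp 200 ASPSESSIONIDAAAA=S1
2005-11-04 10:05:00 198.51.100.7 GET /admin/view.asp 200 -
2005-11-04 10:05:02 198.51.100.7 GET /Admin/View.asp 200 ASPSESSIONIDAAAA=S2
2005-11-04 10:06:00 203.0.113.5 GET /admin/view.asp 302 -
"""

SESSION_RE = re.compile(r"ASPSESSIONID\w*=([^;\s]+)")

def find_unauthenticated_admin_hits(log_text):
    """Return (timestamp, client_ip, path) for 200s on admin pages
    served to a session that has no earlier successful login."""
    fields, logged_in, hits = [], set(), []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout may change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        path = row.get("cs-uri-stem", "").lower()  # IIS paths are case-insensitive
        status = row.get("sc-status", "")
        match = SESSION_RE.search(row.get("cs(Cookie)", ""))
        session = match.group(1) if match else None
        if path == LOGIN_PATH:
            if row.get("cs-method") == "POST" and status == LOGIN_OK_STATUS and session:
                logged_in.add(session)
            continue  # the login page itself is expected to be public
        if (path.startswith(ADMIN_PREFIX) and path.endswith(".asp")
                and status == "200" and session not in logged_in):
            hits.append((f"{row.get('date')} {row.get('time')}", row.get("c-ip"), path))
    return hits

if __name__ == "__main__":
    for hit in find_unauthenticated_admin_hits(SAMPLE_LOG):
        print(*hit)
```

A hit means the page body was returned without a login; a correctly protected page would answer such a request with a redirect or an error status instead.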
|References

Source: BID
Name: 15329
Link: http://www.securityfocus.com/bid/15329