AttackerKB AKB:E8D149B5-E75A-463B-B4CB-2E01E917823F
Mar 09, 2017 - 12:00 a.m.

CVE-2017-6529

2017-03-09 00:00:00
attackerkb.com
4

0.004 Low

EPSS

Percentile

72.0%

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter.

Recent assessments:

h00die at March 27, 2020 4:08pm UTC reported:

The uid field is passed within a GET parameter. These are sequential integers, so it is trivial to enumerate them all. The session for the UID needs to be valid, and the timeout is rather long. So it’s rather trivial to simply enumerate through them in an infinite loop to get an admin.

Assessed Attacker Value: 3
Assessed Attacker Value: 5
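
A defender-side check for the enumeration pattern described in the assessment above, added here as an example and not part of AttackerKB or dnaLIMS: it scans web access logs for a single client cycling through many numeric `uid` values. The log format, the placeholder request path, the IP addresses and the thresholds are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample log lines; /PLACEHOLDER.cgi is not a real dnaLIMS path.
LINE = '%s - - [01/Jan/2024:10:00:%02d +0000] "GET /PLACEHOLDER.cgi?uid=%d HTTP/1.1" 200 512'
SAMPLE_LOG = "\n".join(
    [LINE % ("192.0.2.10", i, 1041) for i in range(3)]             # one user, one uid
    + [LINE % ("198.51.100.7", 10 + i, 1000 + i) for i in range(6)]  # one client, six uids
)

# client, request target and status from a common-log-format line (assumed format)
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3})')

def uids_by_client(log_text, param="uid"):
    """Map each client address to the set of numeric uid values it requested."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        client, target, _status = m.groups()
        for value in parse_qs(urlsplit(target).query).get(param, []):
            if value.isdigit():
                seen[client].add(int(value))
    return seen

def longest_run(values):
    """Length of the longest run of consecutive integers in values."""
    best = run = 0
    prev = None
    for v in sorted(values):
        run = run + 1 if prev is not None and v == prev + 1 else 1
        best = max(best, run)
        prev = v
    return best

def flag_enumeration(log_text, max_distinct=3, max_run=3):
    """Flag clients using more distinct uids, or a longer sequential run, than allowed."""
    flagged = {}
    for client, uids in uids_by_client(log_text).items():
        run = longest_run(uids)
        if len(uids) > max_distinct or run >= max_run:
            flagged[client] = {"distinct": len(uids), "longest_run": run}
    return flagged

if __name__ == "__main__":
    print(flag_enumeration(SAMPLE_LOG))
```

A legitimate client normally keeps one `uid` for the life of its session, so any client that presents several distinct values in a short window is worth alerting on; tune the thresholds to the deployment.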
