Lucene search
K

Naroun ADSL-Tools Bypass

🗓️ 15 Aug 2009 00:00:00Reported by Ostoure SazanType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 19 Views

Naroun ADSL-Tools authentication Bypass allows unauthorized access to admin folder and viewing of other user's account informatio

Code
`___________________________www.Ostoure.com________________________________  
  
|  
| Ostoure Security Research Team  
|  
| Title: Naroun ADSL-Tools authentication Bypass  
| Vendor: http://www.mixoftix.net  
| Exploitation: Remote with browser  
___________________________________________________________________________  
====================  
- Description:  
====================  
  
The data in the admin folder "operator" can be accessed via a normal session without authentication, someone can do this to view other people's usernames and passwords  
  
You can access other people's account information, by entering the URL of your own account information, and changing the account number in the URL to another person's number.  
  
  
====================  
- exploit:  
====================  
  
First u must loggin with your user & password   
  
http://crm.victim.com/operator/members_general_info_print.asp?nick=[number]  
  
you must enter other user in number part  
  
  
Found By Ostoure sazan sharif  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

15 Aug 2009 00:00Current
7.4High risk
Vulners AI Score7.4
19