Lucene search
RootSSV:61308HistoryJan 09, 2014 - 12:00 a.m.
Burden不正确身份验证漏洞
2014-01-0900:00:00
Root
www.seebug.org
16
0.102 Low
EPSS
Percentile
94.4%
CVE ID:CVE-2013-7137
Burden是用PHP编写的一个全功能的任务管理应用程序。
该漏洞存在由于处理“burden_user_rememberme”cookie参数时没有足够的验证,远程未经认证的用户可以设置“burden_user_rememberme”cookie为“1”,并获得对应用程序的管理权限。
0
Burden<=1.8
厂商补丁:
Burden
Burden 1.8.1版本以修复此漏洞,建议用户下载使用:
The exploitation example below shows HTTP GET request that grants administrative privileges to the user:
GET /login.php HTTP/1.1
Cookie: burden_user_rememberme=1;
The cookie can be also changed using a browser plugin such as Firebug for FireFox.
Related
packetstorm
packetstorm
Burden 1.8 Privilege Escalation
2014-01-08 00:00:00
exploitpack
exploitpack
Burden 1.8 - Authentication Bypass
2014-01-14 00:00:00
securityvulns
securityvulns
Improper Authentication in Burden
2014-01-09 00:00:00
cve
cve
CVE-2013-7137
2014-01-26 01:55:00
prion
prion
Authentication flaw
2014-01-26 01:55:00
openvas
openvas
Burden 'burden_user_rememberme' Authentication Bypass Vulnerability
2014-01-13 00:00:00
htbridge
htbridge
Improper Authentication in Burden
2013-12-18 00:00:00
zdt
zdt
Burden 1.8 - Authentication Bypass Vulnerability
2014-01-14 00:00:00
exploitdb
exploitdb
Burden 1.8 - Authentication Bypass
2014-01-14 00:00:00