Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

LISTSERV 17 Insecure Direct Object Reference Vulnerability

🗓️ 18 Jan 2023 00:00:00Reported by Shaunt DType 
zdt
 zdt🔗 0day.today👁 354 Views

LISTSERV 17 Insecure Direct Object Reference Vulnerability on Windows Server 201

Related
Code
ReporterTitlePublishedViews
Family
0day.today		LISTSERV 17 - Insecure Direct Object Reference (IDOR) Vulnerability
30 Mar 202300:00
zdt
Circl		CVE-2022-40319
18 Jan 202300:15
circl
CNNVD		L-Soft LISTSERV 安全漏洞
17 Jan 202300:00
cnnvd
CVE		CVE-2022-40319
17 Jan 202300:00
cve
Cvelist		CVE-2022-40319
17 Jan 202300:00
cvelist
Exploit DB		LISTSERV 17 - Insecure Direct Object Reference (IDOR)
30 Mar 202300:00
exploitdb
EUVD		EUVD-2022-43610
17 Jan 202300:00
euvd
NVD		CVE-2022-40319
17 Jan 202321:15
nvd
OSV		CVE-2022-40319
17 Jan 202321:15
osv
Packet Storm		LISTSERV 17 Insecure Direct Object Reference
17 Jan 202300:00
packetstorm
Rows per page
# Exploit Title: LISTSERV 17 - Insecure Direct Object Reference (IDOR)
# Exploit Author: Shaunt D
# Vendor Homepage: https://www.lsoft.com/
# Version: 17
# Tested on: Windows Server 2019
# CVE : CVE-2022-40319

# Steps to replicate
1. Create two accounts on your LISTSERV 17 installation, logging into each one in a different browser or container.
2. Intercept your attacking profile's browser traffic using Burp.
3. When logging in, you'll be taken to a URL with your email address in the Y parameter (i.e. http://example.com/scripts/wa.exe?INDEX&X=[session-id]&Y=[email-address]).
4. Click on your email address on the top right and select "Edit profile".
5. In Burp, change the email address in the URL's Y parameter to the email address of your victim account.
4. Next, the "WALOGIN" cookie value will be an ASCII encoded version of your email address. Using Burp Decoder, ASCII encode your victim's email address and replace the "WALOGIN" cookie value with that.5. Submit this request. You should now be accessing/editing the victim's profile. You can make modifications and access any information in this profile as long as you replace those two values in Burp for each request.

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
18 Jan 2023 00:00Current
0.3Low risk
Vulners AI Score0.3
CVSS 3.17.5
EPSS0.31721
SSVC
listserv 17insecure direct object referencevulnerabilitywindows server 2019burpcve-2022-40319email addresscookie value
354