Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:22324
HistoryAug 14, 2009 - 12:00 a.m.

new vulnerability founded by ostoure

2009-08-1400:00:00
vulners.com
9
JSON

www.Ostoure.com_____

|
| Ostoure Security Research Team
|
| Title: Naroun ADSL-Tools authentication Bypass
| Vendor: http://www.mixoftix.net
| Exploitation: Remote with browser

====================

  • Description:
    ====================

The data in the admin folder "operator" can be accessed via a normal session without authentication, someone can do this to
view other people's usernames and passwords

You can access other people's account information, by entering the URL of your own account information, and changing the
account number in the URL to another person's number.

====================

  • exploit:
    ====================

First u must loggin with your user & password

http://crm.victim.com/operator/members_general_info_print.asp?nick=[number]

you must enter other user in number part

Found By Ostoure sazan sharif

JSON