- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 19914
- Проверка EDB
-
- Пройдено
- Автор
- PIERRE BENOIT
- Тип уязвимости
- REMOTE
- Платформа
- WINDOWS
- CVE
- cve-2000-0397
- Дата публикации
- 2000-05-15
Seattle Lab Software Emurl 2.0 - Email Account Access
Код:
source: https://www.securityfocus.com/bid/1203/info
Emurl software creates a unique identifier for each user, based on their account name. This identifier is encoded using the ascii value of each character in the account name and augmented by its position. By using a specific URL along with a user's identifier, it is possible to retreive that users e-mail as well as view and change their account settings.
To read email:
http://target/scripts/emurl/RECMAN.dll?TYPE=RECIEVEMAIL&USER=<identifier>
To view/modify account settings:
http://target/scripts/emurl/MAKEHTML_M.dll?TYPE=USER&USER=<identifier>- Источник
- www.exploit-db.com
