I will edit this later with a way to do this. The exploit allows to bypass authentication because you have direct access to the configuration file, but since it would be a little tricky to implement the cookie sharing after login, maybe it is better to inject a new user on it. Print out the url, newly created account and password.Login with option.account and option.password.Check if option.account account is available. Expect Login not allowed (this means the user exist but isn't allowed to login via telnet).Connect to target tcp socket at 23 (telnet).Note: If on any of the expected part fails, it isn't vulnerable. Enter your registered e-mail address below, and it will contain instructions to reset your password. Does it help if I provide the steps you need to take and test the script on this side? Inspite I do not develop on python, I think I can finish it up if you write the base.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |