Plone – ‘in_portal.py’ < 4.1.3 Session Hijacking

• Exploit Database
• 103 阅读

• 作者： Cyrill Bannwart
  日期： 2013-07-31
• 类别：

  • webapps
  平台：

  • Python
• 来源：https://www.exploit-db.com/exploits/38738/

• source: https://www.securityfocus.com/bid/61964/info
  
  Plone is prone to a session-hijacking vulnerability.
  
  An attacker can exploit this issue to hijack user sessions and gain unauthorized access to the affected application.
  
  Note: This issue was previously discussed in the BID 61544 (Plone Multiple Remote Security Vulnerabilities), but has been moved to its own record to better document it. 
  
  https://www.example.com/acl_users/credentials_cookie_auth/require_login?next=+https%3A//www.csnc.ch