Adobe Connect 10 – Username Disclosure

Exploit Database
48 阅读

作者： h4shur

日期： 2021-02-09
类别：
- webapps
平台：
- multiple
来源：https://www.exploit-db.com/exploits/49550/

# Title: Adobe Connect 10 - Username Disclosure
# Author: h4shur
# date:2021-02-07
# Vendor Homepage: https://www.adobe.com
# Software Link: https://www.adobe.com/products/adobeconnect.html
# Version:10 and earlier
# Tested on: Windows 10 & Google Chrome
# Category : Web Application Bugs

### Description :

By adding this (/system/help/support) to the end of the desired website address, you can view the username without any filter or obstacle. Sometimes even without a username and password. And by adding (/system/login) to the end of the desired website address, you can access the admin panel without any filters.

### POC :
site.com/system/help/support

### Admin Panel :
site.com/system/login

last Exploits
Adobe Connect 10 – Username Disclosure的更多信息

pfSense 2.2.5 – Directory Traversal：
DMXReady Registration Manager 1.2 – SQL Injection：
SickRage < v2018.03.09 - Clear-Text Credentials HTTP Response：
WordPress Plugin Crayon Syntax Highlighter – ‘wp_load’ Remote File Inclusion：
Clipbucket 2.4 RC2 645 – SQL Injection：
Open-AudIT 3.3.0 – Reflective Cross-Site Scripting (Authenticated)：
MyBB IP History Logs Plugin 1.0.2 – Cross-Site Scripting：
Siaberry 1.2.2 – Command Injection：