Apache Axis2 1.x – ‘/axis2/axis2-admin’ Session Fixation

Exploit Database
42 阅读

作者： Tiago Ferreira Barbosa

日期： 2010-06-23
类别：
- remote
平台：
- multiple
来源：https://www.exploit-db.com/exploits/34186/

source: https://www.securityfocus.com/bid/41076/info

Apache Axis2 is prone to a session-fixation vulnerability.

Attackers can exploit this issue to hijack a user's session and gain unauthorized access to the affected application.

Apache Axis2 1.5 is vulnerable; other versions may also be affected. 

http://www.example.com:8080/axis2/axis2-admin/engagingglobally?submit=%2bEngage 2b&modules=

last Exploits
Apache Axis2 1.x – ‘/axis2/axis2-admin’ Session Fixation的更多信息

3Com TFTP Service (3CTftpSvc) – ‘Mode’ Remote Buffer Overflow (Metasploit)：
Rejetto HTTP File Server (HFS) 2.3.x – Remote Command Execution (2)：
Mongoose Web Server 6.5 – Cross-Site Request Forgery / Remote Code Execution：
7-Technologies IGSS 9.00.00 b11063 – ‘IGSSdataServer.exe’ Remote Stack Overflow (Metasploit)：
DATAC RealWin SCADA Server 2.0 (Build 6.1.8.10) – SCPC_TXTEVENT Buffer Overflow (Metasploit)：
RabidHamster R4 – Log Entry ‘sprintf()’ Remote Buffer Overflow (Metasploit)：
SWiSH Max3 – DLL Loading Arbitrary Code Execution：
Palo Alto Networks – ‘readSessionVarsFromFile()’ Session Corruption (Metasploit)：