bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/linux/local/20021.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

16 lines
No EOL
719 B
Text
Raw Permalink Blame History

source: https://www.securityfocus.com/bid/1367/info
Password changes submitted to Red Hat Piranha via HTTP are insecurely passed as variables in a GET request. Unauthorized users could obtain the password by reading the httpd access log or by sniffing.
---------[from /etc/httpd/logs/access_log]-----------
...
127.0.0.1 - piranha [19/May/2000:14:00:48 +0200] "GET
/piranha/secure/passwd.php3?try1=xxx&try2=xxx&passwd=ACCEPT HTTP/1.0" 200
3120
127.0.0.1 - piranha [19/May/2000:14:01:03 +0200] "GET
/piranha/secure/passwd.php3?try1=yyy&try2=yyy&passwd=ACCEPT HTTP/1.0" 200
3120
127.0.0.1 - piranha [19/May/2000:20:58:50 +0200] "GET
/piranha/secure/passwd.php3?try1=arkth&try2=arkth&passwd=ACCEPT
HTTP/1.0" 200 3120
...
Reference in a new issue View git blame Copy permalink