info
discussion
exploit
solution
references
SurgeLDAP Web Administration Authentication Bypass Vulnerability
No exploit is required, but the following example URI was disclosed:
http://www.example.com/admin.cgi?cmd=show&page=main.tpl&utoken=manager
Privacy Statement
Copyright 2010, SecurityFocus
