|
EmuLive Server4 Authentication Bypass And Denial Of Service Vulnerabilities
No exploit is required to leverage either of these issues. The following is a proof of concept URI request designed to bypass the administrator authentication: http://www.example.com//PUBLIC/ADMIN/INDEX.HTM Note that the '//' after the 'http://www.example.com' is where a session ID would be presented, by providing no data between these slashes a NULL session ID is used to authenticate the attacker. |
|
|
Privacy Statement |
