Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
LINBOX LIN:BOX allows remote attackers to bypass authentication, obtain sensitive information, or gain access via a direct request to admin/user.pl preceded by // (double leading slash).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
LinBit Technologies LINBOX Officeserver远程验证绕过漏洞
Vulnerability Description
LINBOX提供完成的IT解决方案,包括如防火墙,文件,邮件,代理服务器等。 LINBOX的管理脚本存在设计错误,远程攻击者可以利用这个漏洞绕过验证未授权访问系统。 LINBOX默认在8080口包含基于WEB的管理接口,默认Internet可连接,管理访问需要用户名和密码,但是攻击者可直接提交//admin/user.pl请求绕过验证,直接访问管理功能。 另外通过访问users.pl,直接点击编辑,可从页面源代码中获得用户密码信息。而且这些帐户信息又是系统帐户可直接通过SSH等接口访问。
CVSS Information
N/A
Vulnerability Type
N/A