CVE-2018-12421 PoC — LTB Self Service Password 安全漏洞

Source

https://github.com/reversebrain/CVE-2018-12421

Associated Vulnerability

Title:LTB Self Service Password 安全漏洞 (CVE-2018-12421)
Description:LTB（又名LDAP Tool Box）Self Service Password是一款支持通过Web界面更改和重置LDAP目录中密码的工具。 LTB Self Service Password 1.3之前版本中存在安全漏洞，该漏洞源于程序没有正确的处理ldap_bind的返回值并且没有将PHP数据类型限制为字符串。攻击者可通过发送特制的POST请求利用该漏洞更改用户密码（无需之前的密码）。

Readme

# CVE-2018-12421

File Snapshot


 [4.0K]  /data/pocs/1a9040ea960acf827e254c1f2d87889a3ba3311f
├── [ 125]  CVE-2018-12421.sh
└── [  16]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!