CVE-2022-0968 PoC — Microweber 输入验证错误漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-0968.yaml

Associated Vulnerability

Title:Microweber 输入验证错误漏洞 (CVE-2022-0968)
Description:Microweber是美国Microweber社区的一套可提供拖拽功能的网上商店管理系统。该系统包括添加商品、图片等模块。 GitHub repository microweber/microweber 1.2.12之前版本存在安全漏洞，该漏洞源于microweber应用程序允许在输入字段“fist & last name”中插入大写字母。该漏洞允许攻击者通过特制的的 HTTP 请求导致拒绝服务 (DoS)。

Description

Microweber before 1.2.12 is susceptible to integer overflow. The application allows large characters to insert in the input field 'first & last name,' which can allow an attacker to cause a denial of service via a crafted HTTP request.

File Snapshot


 id: CVE-2022-0968

info:
  name: Microweber <1.2.12 - Integer Overflow
  author: amit-jd
  severity:

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!