CVE-2019-14223 PoC — Alfresco Software Alfresco Community Edition 输入验证错误漏洞

Source

https://github.com/mbadanoiu/CVE-2019-14223

Associated Vulnerability

Title:Alfresco Software Alfresco Community Edition 输入验证错误漏洞 (CVE-2019-14223)
Description:Alfresco Software Alfresco Community Edition是美国Alfresco Software公司的一套开源的企业内容管理系统的社区版。该系统包括文档管理、办公协作等功能。 Alfresco Software Alfresco Community Edition 5.2.6 6.0.N之前版本和6.1.N之前版本中存在输入验证错误漏洞。该漏洞源于网络系统或产品未对输入的数据进行正确的验证。

Description

CVE-2019-14223: Open Redirect in Alfresco Share

Readme

# CVE-2019-14223: Open Redirect in Alfresco Share

The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulation the “failure” parameter an attacker can redirect a victim to a malicious website over any protocol the attacker desires (E.g. http, https, ftp, smb, etc.)

### NVD Disclosure:

The disclosure for this vulnerability can be found [here](https://nvd.nist.gov/vuln/detail/CVE-2019-14223).

### Proof Of Concept:

More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2019-14223/blob/main/Alfresco%20-%20CVE-2019-14223.pdf).

File Snapshot


 [4.0K]  /data/pocs/317cbfab66140348342127d31dfd5907b4a7a51b
├── [202K]  Alfresco - CVE-2019-14223.pdf
└── [ 639]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!