CVE-2018-8715 PoC — Embedthis Software Appweb Embedthis HTTP库安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-8715.yaml

Associated Vulnerability

Title:Embedthis Software Appweb Embedthis HTTP库安全漏洞 (CVE-2018-8715)
Description:Embedthis Software AppWeb是美国Embedthis Software公司的一款快速小型的Web服务器，它主要用于嵌入式应用、设备和Web服务，并支持安全防御策略、摘要式身份验证、虚拟主机等。HTTP library是其中的一个HTTP库。 Embedthis Software Appweb 7.0.3之前的版本中的Embedthis HTTP库存在安全漏洞。攻击者可利用该漏洞绕过身份验证。

Description

The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.

File Snapshot


 id: CVE-2018-8715

info:
  name: AppWeb - Authentication Bypass
  author: milo2012
  severity: high


...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!