CVE-2019-13403 PoC — Temenos CWX 访问控制错误漏洞

Source

https://github.com/B3Bo1d/CVE-2019-13403

Associated Vulnerability

Title:Temenos CWX 访问控制错误漏洞 (CVE-2019-13403)
Description:Temenos CWX是瑞士Temenos公司的一套金融债务管理软件。 Temenos CWX 8.9版本中的/CWX/Employee/EmployeeEdit2.aspx模块存在访问控制错误漏洞。攻击者可利用该漏洞查看用户信息。

Description

CVE-2019-13403

Readme

# CVE-2019-13403
- Report: May 2019
- Fix: May 2019
- Credit: B3Bo1d

## Description
Temenos CWX version 8.9 has an Broken Access Control vulnerability in the module /CWX/Employee/EmployeeEdit2.aspx, leading to the viewing of user information.

## PoC
Before
![Alt text](1.png?raw=true)
After
![Alt text](2.png?raw=true)

## Reference
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13403

File Snapshot


 [4.0K]  /data/pocs/5d134b02f2c2674b530f4641950b11f299264788
├── [338K]  1.png
├── [338K]  2.png
└── [ 397]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!