Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2013-5960 PoC — OWASP ESAPI 加密问题漏洞

Source
https://github.com/andikahilmy/CVE-2013-5960-esapi-java-legacy-vulnerable
Associated Vulnerability
Title:OWASP ESAPI 加密问题漏洞 (CVE-2013-5960)
Description:OWASP Enterprise Security API(ESAPI,企业安全应用程序接口)是美国OWASP组织的一个免费、开源的网页应用程序安全控件库,它有助于编程人员开发低风险应用程序。 Java平台下的OWASP ESAPI 2.0.1版本中的对称加密实现中的认证加密功能中存在漏洞,该漏洞源于程序没有正确抵制对序列化密文的篡改。远程攻击者可通过攻击非默认配置中的既定密码模式,利用该漏洞绕过既定的加密保护机制。
File Snapshot

 None
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.