CVE-2019-14912 PoC — PRiSE adAS 输入验证错误漏洞

Source

Associated Vulnerability

Title:PRiSE adAS 输入验证错误漏洞 (CVE-2019-14912)
Description:PRiSE adAS是一款身份验证服务器。 PRiSE adAS 1.7.0版本中存在输入验证错误漏洞。该漏洞源于网络系统或产品未对输入的数据进行正确的验证。

Description

CVE-2019-14912 PoC

Readme

# adaPwn - CVE-2019-14912 PoC

adAS OPENSSO module doesn't correctly verify the domain to redirect, making possible to redirect the user to an attacker controlled website, stealing his adAS session cookie.

# Usage

``
usage: adaPwn.py [-h] [--interface INTERFACE] [--httpPort HTTPPORT]
                 [--dnsPort DNSPORT]
                 ipToSpoof realIP redirectUrl ipBlacklist [ipBlacklist ...]``

File Snapshot


 [4.0K]  /data/pocs/bfc933f31265780132bc5b1de50465696d60f242
├── [4.5K]  adAPwn.py
└── [ 402]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!