CVE-2020-11450 PoC — Microstrategy Web 信息泄露漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-11450.yaml

Associated Vulnerability

Title:Microstrategy Web 信息泄露漏洞 (CVE-2020-11450)
Description:Microstrategy Web是美国Microstrategy公司的一套企业数据分析平台。该平台具有数据发现、数据可视化和报表生成等功能。 Microstrategy Web 10.4版本中存在信息泄露漏洞。攻击者可利用该漏洞获取该应用程序运行环境的相关信息。

Description

MicroStrategy Web 10.4 is susceptible to information disclosure. The JVM configuration, CPU architecture, installation folder, and other information are exposed through /MicroStrategyWS/happyaxis.jsp. An attacker can use this vulnerability to learn more about the application environment and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.

File Snapshot


 id: CVE-2020-11450

info:
  name: MicroStrategy Web 10.4 - Information Disclosure
  author: tess
  s

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!