CVE-2010-3603
CVE-2010-3603
Cross-site request forgery (CSRF) vulnerability in the file manager service (Services/FileService.ashx) in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to hijack the authentication of administrators for requests that rename arbitrary files, as demonstrated by causing the user.config file to be moved, leading to a denial of service (service stop) and possibly the exposure of sensitive information.
Produtos afetados
n/a · n/aPoCs públicas encontradas — 4
cve_referencepacketstormsecurity.org/1009-advisories/moaub16-mojoportal.pdfnão verificadocve_referencepacketstormsecurity.org/1009-exploits/moaub-mojoportal.txtnão verificadocve_referencewww.exploit-db.com/exploits/15018não verificadoexploitdbwww.exploit-db.com/exploits/15018não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://osvdb.org/68060http://packetstormsecurity.org/1009-advisories/moaub16-mojoportal.pdfhttp://packetstormsecurity.org/1009-exploits/moaub-mojoportal.txthttp://secunia.com/advisories/41481https://exchange.xforce.ibmcloud.com/vulnerabilities/61834http://www.exploit-db.com/exploits/15018http://www.mojoportal.com/mojoportal-2352-released.aspx