跳转到帖子
  • 游客您好,欢迎来到黑客世界论坛!您可以在这里进行注册。

    赤队小组-代号1949(原CHT攻防小组)在这个瞬息万变的网络时代,我们保持初心,创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识,您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告,请注册用户查看我们的使用与隐私策略,谢谢您的配合。小组成员可以获取论坛隐藏内容!

    TheHackerWorld官方

FatPipe Networks WARP 10.2.2 - Authorization Bypass


HACK1949

推荐的帖子

# Exploit Title: FatPipe Networks WARP 10.2.2 - Authorization Bypass
# Date: 25.07.2021
# Exploit Author: LiquidWorm
# Vendor Homepage: https://www.fatpipeinc.com

FatPipe Networks WARP 10.2.2 Authorization Bypass


Vendor: FatPipe Networks Inc.
Product web page: https://www.fatpipeinc.com
Affected version: WARP
                  10.2.2r38
                  10.2.2r25
                  10.2.2r10
                  10.1.2r60p82
                  10.1.2r60p71
                  10.1.2r60p65
                  10.1.2r60p58s1
                  10.1.2r60p58
                  10.1.2r60p55
                  10.1.2r60p45
                  10.1.2r60p35
                  10.1.2r60p32
                  10.1.2r60p13
                  10.1.2r60p10
                  9.1.2r185
                  9.1.2r180p2
                  9.1.2r165
                  9.1.2r164p5
                  9.1.2r164p4
                  9.1.2r164
                  9.1.2r161p26
                  9.1.2r161p20
                  9.1.2r161p17
                  9.1.2r161p16
                  9.1.2r161p12
                  9.1.2r161p3
                  9.1.2r161p2
                  9.1.2r156
                  9.1.2r150
                  9.1.2r144
                  9.1.2r129
                  7.1.2r39
                  6.1.2r70p75-m
                  6.1.2r70p45-m
                  6.1.2r70p26
                  5.2.0r34

Summary: FatPipe Networks invented the concept of router-clustering,
which provides the highest level of reliability, redundancy, and speed
of Internet traffic for Business Continuity and communications. FatPipe
WARP achieves fault tolerance for companies by creating an easy method
of combining two or more Internet connections of any kind over multiple
ISPs. FatPipe utilizes all paths when the lines are up and running,
dynamically balancing traffic over the multiple lines, and intelligently
failing over inbound and outbound IP traffic when ISP services and/or
components fail.

Desc: Improper access control occurs when the application provides direct
access to objects based on user-supplied input. As a result of this vulnerability
attackers can bypass authorization and access resources behind protected
pages.

Tested on: Apache-Coyote/1.1


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2021-5682
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php


30.05.2016
25.07.2021

--


$ curl -vk "https://10.0.0.9/fpui/jsp/index.jsp"
            
链接帖子
意见的链接
分享到其他网站

黑客攻防讨论组

黑客攻防讨论组

    You don't have permission to chat.
    • 最近浏览   0位会员

      • 没有会员查看此页面。
    ×
    ×
    • 创建新的...