| 제목 | Axios Italia Axios RE 1.7.0/7.0.0 REDefault.aspx DBIDX Connection String Parameter Pollution |
|---|
| 설명 | Connection String Parameter Pollution vulnerability found by changing DBIDX parameter in REDefault.aspx query. It is not filtered or sanitized, allowing attackers to change database connection string parameters. Accessing to ReStart.aspx (from one of school partners) and clicking on RE logo, we are redirected to REDefault.aspx, the vulnerable target, then to RELogin.aspx, which uses configuration parameters from the previous URL. Clicking on "Password dimenticata" (Password lost?) or "Accedi" (Login) we can see the details of exception thrown by ASP.NET. |
|---|
| 원천 | ⚠️ https://family.sissiweb.it/Secret/REStart.aspx?Customer_ID=80008420434 |
|---|
| 사용자 | ErPaciocco (UID 4004) |
|---|
| 제출 | 2019. 08. 05. PM 10:25 (7 연령 ago) |
|---|
| 모더레이션 | 2019. 08. 06. AM 07:48 (9 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 139528 [Axios Italia Axios RE 1.7.0/7.0.0 Connection REDefault.aspx DBIDX 권한 상승] |
|---|
| 포인트들 | 20 |
|---|