Gửi #249450: Nxfilter NxFilter 4.3.2.5 LDAP Bind Request vulnerabilitythông tin

tiêu đềNxfilter NxFilter 4.3.2.5 LDAP Bind Request vulnerability
Mô tảA LDAP Bind Request vulnerability is present in https://nxfilter/user,adap.jsp?actionFlag=test&id=1. It could lead to RCE. If we change the DC IP to the attacker IP, and in the attacker machine listen to the port 389 (with netcat), click the button "test" (or wait 15 minutes), NXFILTER will make a LDAP Bind Request to the Attacker machine, with its service account credentials in plain text. That way, an attacker can steal the service account of NXFILTER and log in the Domain with those credentials.
Nguồn⚠️ https://nxfilter/user,adap.jsp?actionFlag=test&id=1
Người dùng
 0xgordo (UID 50709)
Đệ trình08/12/2023 17:56 (cách đây 3 những năm)
Kiểm duyệt17/12/2023 09:25 (9 days later)
Trạng tháiđược chấp nhận
Mục VulDB248267 [Jahastech NxFilter 4.3.2.5 Bind Request user,adap.jsp?actionFlag=test&id=1 nâng cao đặc quyền]
điểm17

Do you need the next level of professionalism?

Upgrade your account now!