mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 09:12:08 +00:00
892 B
892 B
CVE-2008-6508
Description
Directory traversal vulnerability in the AuthCheck filter in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to bypass authentication and access the admin interface via a .. (dot dot) in a URI that matches the Exclude-Strings list, as demonstrated by a /setup/setup-/.. sequence in a URI.
POC
Reference
- http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt
- http://www.igniterealtime.org/issues/browse/JM-1489
- https://www.exploit-db.com/exploits/7075
Github
No PoCs found on GitHub currently.