cve/CVE-2012-2760.md at cc42bc5748fc98fd40a3aa78375c218fbbc9ad5d - cve - 临风笛

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-12-14 20:08:44 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

648 B

Raw Blame History

CVE-2012-2760

Description

mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.

POC

Reference

http://packetstormsecurity.org/files/112991/Mod_Auth_OpenID-Session-Stealing.html

Github

No PoCs found on GitHub currently.