mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-07 03:02:30 +00:00
828 B
828 B
CVE-2019-7228
Description
The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack.
POC
Reference
- http://packetstormsecurity.com/files/153404/ABB-IDAL-HTTP-Server-Uncontrolled-Format-String.html
- http://seclists.org/fulldisclosure/2019/Jun/43
Github
No PoCs found on GitHub currently.