CVEs-PoC/2020/CVE-2020-11450.md at b0e96c877abb080d7cf221c036336480ff266ccf

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-10 15:59:29 +02:00

Files

T

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerability to learn more about the environment the application is running in. This issue has been mitigated in all versions of the product 11.0 and higher.

POC

Reference

http://packetstormsecurity.com/files/157068/MicroStrategy-Intelligence-Server-And-Web-10.4-XSS-Disclosure-SSRF-Code-Execution.html

Github

https://github.com/20142995/sectool
https://github.com/ARPSyndicate/cvemon
https://github.com/ARPSyndicate/kenzer-templates
https://github.com/BugBlocker/lotus-scripts
https://github.com/Elsfa7-110/kenzer-templates
https://github.com/d4n-sec/d4n-sec.github.io
https://github.com/rusty-sec/lotus-scripts

1.2 KiB Raw Blame History

CVE-2020-11450

Description

POC

Reference

Github

1.2 KiB

Raw Blame History