Vendor: Access Manager
By: 0v3rride
CVSS: 8.8 (HIGH)
Vulnerability Type: Insecure Direct Object Reference (IDOR)
CWE: 639
Product Name: Access Manager
Affected Version From: >= 1.2
Affected Version To: <= 1.4-RG3
Patch Exists: YES
Related CVE: CVE-2019-6716
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Linux/Apache Wicket
2019
Access Manager Unauthenticated Insecure Direct Object Reference (IDOR)
An unauthenticated Insecure Direct Object Reference (IDOR) vulnerability in LogonBox Limited's (formerly Nervepoint Technologies) Access Manager web application allows a remote attacker to enumerate internal Active Directory usernames. Depending on the system configuration, it may also allow enumeration of Active Directory group names and modification of back-end server jobs (backup and synchronization jobs). The flaw is reached by manipulating the jobId HTTP parameter in an HTTP GET request: the supplied value is used directly as the key for the job lookup without checking that the caller is authenticated or is permitted to access that job.
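The pattern described above, as an added example written for this page (it is not LogonBox's code and does not reproduce the product's request handling): a job lookup keyed directly on an unauthenticated `jobId` next to a hardened version that requires a session and an ownership or admin check, followed by a small log check that flags a source walking many distinct `jobId` values. The `JOBS` table, `Session` class, the `/app` path and the log lines are all constructed for illustration.

```python
# Added example (not LogonBox's code): a minimal job-lookup handler showing the
# unauthenticated IDOR pattern next to its hardened form, plus a small log
# check for jobId enumeration. All names, the /app path and the log lines are
# constructed for illustration.
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Iterable, Optional

# Constructed back-end job table: jobId -> job record (owner, kind, target).
JOBS = {
    1: {"owner": "alice", "kind": "backup", "target": "dc01.corp.example"},
    2: {"owner": "bob", "kind": "sync", "target": "CN=Users,DC=corp,DC=example"},
}


@dataclass
class Session:
    user: Optional[str]  # None when the caller has not logged in
    is_admin: bool = False


def get_job_insecure(job_id: int, session: Session) -> Optional[dict]:
    """Vulnerable pattern: the jobId taken from the GET request is used directly
    as the lookup key; neither authentication nor ownership is checked, so any
    remote caller can walk the id space and read every job."""
    return JOBS.get(job_id)


def authorize_job(job_id: int, session: Session) -> tuple[str, Optional[dict]]:
    """Hardened pattern: require a logged-in user, then check that the job
    belongs to that user (or that the user is an admin). Missing and foreign
    jobs get the same answer so the id space cannot be probed for existence."""
    if session.user is None:
        return "unauthorized", None
    job = JOBS.get(job_id)
    if job is None or (job["owner"] != session.user and not session.is_admin):
        return "forbidden", None
    return "ok", job


def get_job_secure(job_id: int, session: Session) -> dict:
    """Request-handler wrapper: refuse everything that is not an "ok" decision."""
    status, job = authorize_job(job_id, session)
    if status != "ok":
        raise PermissionError(status)
    return job


# Detection: flag sources that request many distinct jobId values. The regex
# matches common-log-format lines carrying a jobId query parameter.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) .*"GET /[^"]*?[?&]jobId=(?P<job>\d+)[^"]*" (?P<status>\d{3})'
)


def flag_job_enumeration(log_lines: Iterable[str], threshold: int = 5) -> list[str]:
    """Return source IPs that requested more than `threshold` distinct jobId
    values. Status codes are deliberately not used: the vulnerable build
    answers every id with 200, so only the breadth of ids is a signal."""
    seen: dict[str, set[int]] = defaultdict(set)
    for line in log_lines:
        m = LOG_RE.match(line)
        if m:
            seen[m["ip"]].add(int(m["job"]))
    return sorted(ip for ip, ids in seen.items() if len(ids) > threshold)


# Constructed sample access log: one host walking jobId 1..8, one normal user.
SAMPLE_LOG = [
    f'10.0.0.5 - - [01/Jan/2019:10:00:{i:02d} +0000] "GET /app?jobId={i} HTTP/1.1" 200 512'
    for i in range(1, 9)
] + [
    '10.0.0.9 - - [01/Jan/2019:10:05:00 +0000] "GET /app?jobId=1 HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2019:10:05:30 +0000] "GET /app?jobId=1 HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2019:10:06:00 +0000] "GET /app/login HTTP/1.1" 200 1024',
]


if __name__ == "__main__":
    anon = Session(user=None)
    print(get_job_insecure(2, anon))           # insecure: bob's sync job is returned to anyone
    print(authorize_job(2, anon))              # ('unauthorized', None)
    print(authorize_job(2, Session("alice")))  # ('forbidden', None)
    print(authorize_job(1, Session("alice")))  # ('ok', {...})
    print(flag_job_enumeration(SAMPLE_LOG))    # ['10.0.0.5']
```

The hardened lookup returns the same "forbidden" decision for a job that does not exist and for one owned by someone else; answering differently would let a logged-in user confirm which ids are live, which is the enumeration primitive this advisory is about. The log check is the corresponding detection on the server side: the vulnerable build returns 200 for every id, so counting distinct `jobId` values per source is more useful than counting error responses.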
Mitigation:
Upgrade to Access Manager version 1.4-RG4 or later.