header-logo
Suggest Exploit
vendor:
Emurl Software
by:
SecurityFocus
8.3
CVSS
HIGH
Emurl Software Account Settings Disclosure
200
CWE
Product Name: Emurl Software
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Emurl Software Account Settings Disclosure

Emurl software creates a unique identifier for each user, based on their account name. This identifier is encoded using the ascii value of each character in the account name and augmented by its position. By using a specific URL along with a user's identifier, it is possible to retreive that users e-mail as well as view and change their account settings.

Mitigation:

Upgrade to the latest version of Emurl software.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1203/info

Emurl software creates a unique identifier for each user, based on their account name. This identifier is encoded using the ascii value of each character in the account name and augmented by its position. By using a specific URL along with a user's identifier, it is possible to retreive that users e-mail as well as view and change their account settings.

To read email:
http://target/scripts/emurl/RECMAN.dll?TYPE=RECIEVEMAIL&USER=<identifier>

To view/modify account settings:
http://target/scripts/emurl/MAKEHTML_M.dll?TYPE=USER&USER=<identifier>

Navigation

Suggest Exploit

Services By CQR