Vulhub vulnerability reproduction 69_Tiki Wiki
2022-07-06 05:17:00 【Revenge_ scan】
CVE-2020-15906_Tiki Wiki CMS Groupware authentication bypass vulnerability
Vulnerability Details
Tiki Wiki CMS Groupware, or Tiki for short (originally known as TikiWiki), is a free and open source wiki-based content management system and online office suite. Versions before 21.2, 20.4, 19.3, 18.7, 17.3 and 16.4 contain a logic error: once the administrator account has been brute-forced more than 60 times it is locked, and at that point it is possible to log in to the back end as the administrator with a blank password.
Reference links:
- https://info.tiki.org/article473-Security-Releases-of-all-Tiki-versions-since-16-3
- https://github.com/S1lkys/CVE-2020-15906
- http://packetstormsecurity.com/files/159663/Tiki-Wiki-CMS-Groupware-21.1-Authentication-Bypass.html
- https://srcincite.io/pocs/cve-2021-26119.py.txt
Vulnerability environment
Target range: 192.168.4.10_ubuntu
Run the following command to start a Tiki Wiki CMS 21.1 instance:
`docker-compose up -d`
After the environment starts, visit `http://your-ip:8080` to see its welcome page.
Vulnerability reproduction
We can use the [POC](poc.py) from <https://srcincite.io/pocs/cve-2021-26119.py.txt> to reproduce the issue. The POC first uses CVE-2020-15906 to bypass authentication and obtain administrator privileges, then uses the Smarty sandbox bypass vulnerability (CVE-2021-26119) to execute arbitrary commands in the back end:
`python3 poc.py your-ip:8080 / id`
Note that, because of how the vulnerability works, running this POC causes the administrator account to be locked.
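A detection sketch for the condition described above, as an added example that is not part of the original post or of the Tiki project: it flags any successful login that follows more than 60 consecutive failures for the same account, the state in which this bug accepts a blank password. The event format, function names and sample lines are constructed assumptions; adapt the parser to what your web or application logs actually record.

```python
import re
from collections import defaultdict

# Lockout threshold as stated on this page: locked after MORE than 60 failures.
LOCK_THRESHOLD = 60

# Hypothetical normalized auth-event format (not Tiki's native log format):
#   <iso-timestamp> src=<ip> user=<name> result=<ok|fail>
EVENT_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$")


def find_logins_after_lockout(lines, threshold=LOCK_THRESHOLD):
    """Return one alert per successful login that follows more than
    `threshold` consecutive failed logins for the same account."""
    failures = defaultdict(int)   # user -> consecutive failed logins
    sources = defaultdict(set)    # user -> source IPs seen during that run
    alerts = []
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if not m:
            continue              # not an auth event in the assumed format
        user = m["user"]
        if m["result"] == "fail":
            failures[user] += 1
            sources[user].add(m["src"])
            continue
        if failures[user] > threshold:
            # A locked account must not be able to authenticate: flag it.
            alerts.append({
                "user": user, "ts": m["ts"], "src": m["src"],
                "failed_before": failures[user],
                "failure_sources": sorted(sources[user]),
            })
        failures[user] = 0        # assumption: a success resets the counter
        sources[user].clear()
    return alerts


def sample_events():
    """Constructed sample: a user with a few typos, then an admin lockout run."""
    events = ["2022-07-06T05:00:%02dZ src=192.168.4.20 user=alice result=fail" % i
              for i in range(3)]
    events.append("2022-07-06T05:00:09Z src=192.168.4.20 user=alice result=ok")
    events += ["2022-07-06T05:%02d:%02dZ src=192.168.4.77 user=admin result=fail"
               % (10 + i // 60, i % 60) for i in range(61)]
    events.append("2022-07-06T05:12:30Z src=192.168.4.77 user=admin result=ok")
    return events


if __name__ == "__main__":
    print(find_logins_after_lockout(sample_events()))
```

On a patched release the same sequence should end in a rejected login, so an alert from this check on a production instance is worth treating as a possible compromise of the administrator account.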