unauth-ldap-account-manager: Unauthenticated LDAP Account Manager

Date: 2025-08-01 | Affected software: LDAP Account Manager | PoC: public

Vulnerability description

LDAP Account Manager is exposed to external users.

PoC code [public]

id: unauth-ldap-account-manager

info:
  name: Unauthenticated LDAP Account Manager
  author: tess
  severity: medium
  description: LDAP Account Manager is exposed to external users.
  classification:
    cpe: cpe:2.3:a:ldap-account-manager:ldap_account_manager:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: ldap-account-manager
    product: ldap_account_manager
    shodan-query: http.title:"LDAP Account Manager"
  tags: ldap,misconfig,unauth,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}/templates/config/profmanage.php'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'LDAP Account Manager'
          - 'Profile management'
          - 'Add profile'
        condition: and

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 490a004630440220799890c8856b02386b97da2aaabbe511af29885a8556277782a9f793fbd76df202201e2c739bfd0d9135faad4a5b6b2e8d94d6f234b0ea33801d2671cef429e228a1:922c64590222798bb761d5b6d8e72950
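
An added example, not part of the original page or the template author's code: a check over web server access logs for the exposure the template above tests for, flagging requests from outside the internal networks that received a 200 on `profmanage.php`. The log lines, the `/lam` install prefix and the internal network list are constructed assumptions; an access log shows only the path, status and client address, not the body strings the template matches.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Path requested by the template on this page; LAM may be installed under a prefix.
PROFMANAGE_SUFFIX = "/templates/config/profmanage.php"

# Assumption: networks treated as internal. Replace with your own address plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "::1/128", "fc00::/7")]

# Common/combined log format: client ident user [time] "METHOD target proto" status size
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def is_external(addr):
    """True when addr parses as an IP address outside every INTERNAL_NETS entry."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # hostnames or malformed client fields are not classified
    return not any(ip in net for net in INTERNAL_NETS)

def find_external_hits(lines):
    """Return (client, time, target) for external requests answered 200 on profmanage.php."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        path = urlsplit(m["target"]).path  # drop any query string before comparing
        if path.endswith(PROFMANAGE_SUFFIX) and m["status"] == "200" and is_external(m["client"]):
            hits.append((m["client"], m["time"], m["target"]))
    return hits

# Constructed sample log lines (documentation-range addresses, not from a real system).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Aug/2025:10:12:01 +0000] "GET /lam/templates/config/profmanage.php HTTP/1.1" 200 5123',
    '10.20.0.15 - - [01/Aug/2025:10:13:44 +0000] "GET /lam/templates/config/profmanage.php HTTP/1.1" 200 5123',
    '198.51.100.23 - - [01/Aug/2025:10:15:09 +0000] "GET /templates/config/profmanage.php HTTP/1.1" 403 199',
    '198.51.100.23 - - [01/Aug/2025:10:15:10 +0000] "GET /index.html HTTP/1.1" 200 4000',
]

if __name__ == "__main__":
    for client, when, target in find_external_hits(SAMPLE_LOG):
        print(f"external 200 on profile management page: {client} at {when} -> {target}")
```

A hit means the page was served to an address outside the listed networks; a 403 or 401 on the same path from outside indicates access is already restricted.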
