Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-26526 PoC — Damstra Smart Asset 安全漏洞

Source
https://github.com/lukaszstu/SmartAsset-UE-CVE-2020-26526
Associated Vulnerability
Title:Damstra Smart Asset 安全漏洞 (CVE-2020-26526)
Description:An issue was discovered in Damstra Smart Asset 2020.7. It is possible to enumerate valid usernames on the login page. The application sends a different server response when the username is invalid than when the username is valid ("Unable to find an APIDomain" versus "Wrong email or password").
Description
It is possible to enumerate valid usernames on the login page.
Readme
# SmartAsset-UE-CVE-2020-26526
It is possible to enumerate valid usernames on the login page.

CVE-2020-26526

An issue was discovered in Damstra Smart Asset 2020.7.
It is possible to enumerate valid usernames on the login page. The
application sends a different server response when the username is
invalid than when the username is valid ("Unable to find an APIDomain" versus "Wrong email or password").

When the username is invalid, the server responds with:
"Unable to find an APIDomain for the email test@testtest.com, please contact your system administrator"

If the username is valid, the server responds with:
 "Login Failed! Wrong email or password." 
 
 ------------------------------------------

[Discoverer]
Lukasz Studniarz
File Snapshot

 [4.0K]  /data/pocs/078d4009194d9e938f034442e49de04b01cb3b54
└── [ 740]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →