CVE-2004-2563

Serena TeamTrack 6.1.1 - Info Disclosure & XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2563. PoCs published by Noam Rathaus.

AI-analyzed exploit summary This Perl script exploits an authentication bypass vulnerability in Serena TeamTrack by sending crafted HTTP requests to access sensitive information, enumerate users, and perform XSS attacks. It leverages the vulnerable 'tmtrack.dll' endpoint with various templates to extract data without authentication.

Description

Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive information such as user names, versions, and database information, and conduct cross-site scripting (XSS) attacks, via a direct request to tmtrack.dll with modified LoginPage and Template parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Noam Rathaus · perlremotewindows

https://www.exploit-db.com/exploits/24297

View Code ZIP pw:eip

This Perl script exploits an authentication bypass vulnerability in Serena TeamTrack by sending crafted HTTP requests to access sensitive information, enumerate users, and perform XSS attacks. It leverages the vulnerable 'tmtrack.dll' endpoint with various templates to extract data without authentication.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Serena TeamTrack

No auth needed

Prerequisites: Network access to the target server · Serena TeamTrack installed and accessible

MITRE ATT&CK