CVE-2011-1519

IBM Lotus Domino <8.x - Auth Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-1519. PoCs published by Alexey Sintsov.

AI-analyzed exploit summary This exploit leverages an authentication bypass vulnerability in IBM Lotus Domino Controller by injecting malicious XML into IIS log files and using a Java applet to bypass authentication. It requires local port forwarding and manipulation of log files to achieve unauthorized access.

Description

The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field. NOTE: this might overlap CVE-2011-0920.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Alexey Sintsov · htmlremotejsp

https://www.exploit-db.com/exploits/18179

View Code ZIP pw:eip

This exploit leverages an authentication bypass vulnerability in IBM Lotus Domino Controller by injecting malicious XML into IIS log files and using a Java applet to bypass authentication. It requires local port forwarding and manipulation of log files to achieve unauthorized access.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: IBM Lotus Domino Controller <=8.5.2 FP3, <=8.5.3

No auth needed

Prerequisites: Access to target's port 49152 · Ability to inject XML into IIS log files · Local web server to host the malicious HTML page

MITRE ATT&CK