NSFOCUS UTS Comprehensive Threat Probe administrator arbitrary login vulnerability

From PwnWiki
Revision as of 09:58, 1 May 2021 by Pwnwiki

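Exploitation

Modifying the response packet to change false to true leaks the MD5 password hash of the administrator user.

The obtained MD5 value is then used to log in at the login page: 7ac301836522b54afcbbed714534c7fb

The login succeeds. Once logged in, administrator privileges allow the device to be managed and controlled, and a large amount of attack information is visible, along with leaked internal network addresses and asset management data.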