中科網威下一代防火牆控制系統 賬號密碼洩露漏洞

From PwnWiki
Revision as of 21:39, 31 May 2021 by Wosk0x01 (talk | contribs) (→‎漏洞利用)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

FOFA

body="var dkey_verify = Get_Verify_Info(hex_md5)"

⚠️️請注意:銳捷ISG、網域科技、中科網威等部分產品都存在該漏洞。

漏洞利用

查看網頁源代碼&解密MD5


可通過搜索 <code>var dkey_verify = Get_Verify_Info(hex_md5(user_string).toLowerCase(), user_passwd/*"密碼"*/); </code> 得到

密碼字段在user_passwd字段内,不同平臺/版本可能有差異,歡迎進行補充

Retrieved from "https://pwnwiki.com/index.php?title=中科網威下一代防火牆控制系統_賬號密碼洩露漏洞&oldid=3801"