漏洞描述
Solar网络管理平台又名金字塔网络管理系统,是一种统一管理所有后台配置的系统。其中包含台内系统的业务数据展示,基础数据配置、任务情况显示、日志详情查询。功能齐全、展示清晰,通过不同角色的权限控制展示相应内容,科学管理台内数据。攻击者可以使用默认口令sobey/sobey登录系统,进而控制系统。
Sobey Solar网络管理系统 默认口令
PoC代码
暂无相关漏洞推荐
- POC CVE-2018-19386: SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting
- POC CVE-2020-10148: SolarWinds Orion API - Auth Bypass
- POC CVE-2021-35250: SolarWinds Serv-U 15.3 - Directory Traversal
- POC CVE-2022-29298: SolarView Compact 6.00 - Local File Inclusion
- POC CVE-2022-29299: SolarView Compact 6.00 - 'time_begin' Cross-Site Scripting
- POC CVE-2022-29301: SolarView Compact 6.00 - 'pow' Cross-Site Scripting
- POC CVE-2022-29303: SolarView Compact 6.00 - OS Command Injection
- POC CVE-2022-31373: SolarView Compact 6.00 - Cross-Site Scripting
- POC CVE-2022-40881: SolarView 6.00 - Remote Command Execution
- POC CVE-2023-23333: SolarView Compact 6.00 - OS Command Injection
- POC CVE-2023-29919: SolarView Compact <= 6.00 - Local File Inclusion
- POC CVE-2024-0692: SolarWinds Security Event Manager - Unauthenticated RCE
- POC CVE-2024-28987: SolarWinds Web Help Desk - Hardcoded Credential