# Moresec (默安) HuanZhen (幻阵) Honeypot Unauthenticated Access RCE

## Vulnerability Description

The deployment page of the Moresec (默安) HuanZhen (幻阵) honeypot can be accessed without authorization, which allows arbitrary command execution.

## Affected Products

```
默安 幻阵蜜罐
```

## Reproduction

Product page

![](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202091842964.png)

The installation page looks like this

![](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202091843119.png)

Refresh the page and capture the traffic

![](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202091844386.png)

Drop the request to **/huanzhen/have_installed?**

![](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202091844013.png)

The page loads

![](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202091844519.png)

Click Debug and capture the request

![](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202091844068.png)

Execute other commands

![](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202091844606.png)

Clicking One-Click Diagnosis leaks IP data

![](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202091844354.png)
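
The steps above work because the page only stays locked when the browser receives the `/huanzhen/have_installed?` response. The following added example (not code from the product or from the original write-up) sketches a server-side gate that does not depend on that request. Only `/huanzhen/have_installed` comes from the page; the route prefixes, the `x-setup-token` header, and all function and field names are hypothetical.

```javascript
// Hypothetical installer/debug route prefixes; not taken from the product.
const INSTALL_ONLY_PREFIXES = ['/huanzhen/install', '/huanzhen/debug', '/huanzhen/diagnose'];

// Drop the query string, collapse duplicate slashes and resolve dot segments
// so that "//huanzhen/./debug" cannot slip past the prefix match.
function normalisePath(rawUrl) {
  const collapsed = rawUrl.split(/[?#]/)[0].replace(/\/{2,}/g, '/');
  return new URL(collapsed, 'http://placeholder.invalid').pathname;
}

// Length-checked comparison that does not exit early on the first mismatch.
function sameToken(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// state.installed is the server's own record (e.g. a flag written at the end
// of installation). It is never inferred from what the browser did or did
// not fetch from /huanzhen/have_installed.
function authorize(req, state) {
  const path = normalisePath(req.url);
  const installOnly = INSTALL_ONLY_PREFIXES.some(
    (p) => path === p || path.startsWith(p + '/')
  );
  if (!installOnly) return 'pass';                 // left to the normal auth layer
  if (state.installed) return 'deny-installed';    // installer is closed for good
  if (!sameToken(req.headers['x-setup-token'], state.setupToken)) {
    return 'deny-no-token';                        // first-run setup still needs a secret
  }
  return 'allow-setup';
}

// Constructed sample requests.
const installed = { installed: true, setupToken: 'constructed-token' };
const fresh = { installed: false, setupToken: 'constructed-token' };
console.log(authorize({ url: '/huanzhen/debug/run', headers: {} }, installed));
console.log(authorize({ url: '/huanzhen/debug/run', headers: {} }, fresh));
```

With a gate like this, dropping the status request changes only what the browser renders; the deployment and debug routes are still refused by the server.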