xray
xray copied to clipboard
chaitin
Create firewall-password-leak.yml
本 poc 是检测什么漏洞的
主要检测 多家防火墙设备存在信息泄露的漏洞 虽然检测原理与 https://github.com/chaitin/xray/pull/1192/ 相似 但他的的poc限制太死,无法检测防火墙问题
测试环境
https://60.255.230.247:9090 https://60.255.230.248:9090 https://60.8.205.110:9090 https://222.217.3.216:9090 https://111.59.92.115:9090 https://60.255.230.247:9091 https://113.57.117.10:1443 https://60.255.230.248:9091 https://60.255.230.246:9091 https://119.39.136.41:9090 https://111.59.92.115:9091 https://61.182.219.116 https://222.83.211.182:9090 https://116.131.147.214:9090 https://221.182.202.66 https://221.206.198.127:9091 https://101.95.184.210:9091 https://60.255.230.246:9090 https://171.221.227.194:9090 https://222.84.119.2:9090 https://101.231.72.127:8443 https://61.164.34.171:9091 https://60.213.232.218:9091 https://122.227.55.70:9090 https://111.75.209.230:9091 https://111.75.209.229:9091 https://58.252.58.179:9090 https://60.8.205.106:9090 http://113.56.119.73:9000 https://116.10.142.240:9090 https://122.227.47.82:9090 http://221.182.202.66:81 https://61.164.34.171:9090 https://171.221.227.196:9090 https://112.12.9.42:9090 https://116.131.147.214:9091 https://120.236.230.106:9091 https://222.217.3.216:9091 https://117.156.162.19:9090 https://218.29.7.150:9091 https://116.10.142.240:9091 https://123.177.21.199:9091 http://222.223.142.154:8889 https://219.139.51.133:9091 https://218.90.161.243:9091 https://210.68.95.88:9091 https://119.39.136.41:9091 https://183.131.141.74:9091 https://218.75.40.66:9091 https://124.226.3.11:9090 https://218.90.161.242:9090 https://222.218.136.104:9091 https://1.197.108.247:9091 https://210.63.211.145:9091 https://61.185.77.94:9091 https://222.218.136.104:9090 https://112.103.162.153:9091
备注
fofa: "var dkey_verify = Get_Verify_Info(hex_md5"
影响面积非常大
可检测 胜鑫塔下一代防火墙XT6000-A-FW-1.0.0-0-2778 利谱第二代防火墙6164-1.5.2 任子行下一代防火墙SURF-NGSA-V-3000 中科网威下一代防火墙F6600L-1.5.2 任子行网络安全审计系统内置报表 网域科技防火墙ACF-200-1.0.0 锐捷RG-ISG视频监控网关6000-ISG02C 天融信ACM-51538-V3.0.0176 无锡城安CitySec-H9205-2.1.0 任天行网络安全管理系统SURF-RAG-5500-V4.0.0_176 深圳智开上网行为管理路由器ZK-ASR3-300-v176 深圳维盟WFW-1000-1.0.1 深圳市联天通信技术有限公司LFW400E-1.5.2 信达网安NGAF8000-1200-1.5.2 中网 F9100-1.0.0 湖北力达科讯 LDT-FW-3000-1.5.0 中科新业下一代防火墙SEENTECH-FW3-1.0.0 深圳市龙信信息技术有限公司上网行为管理 深圳国人通信上网行为管理 华清信安上网行为管理 深圳华域数安科技有限公司网络安全接入网关 瑞星上网行为管理 冰峰网络上网行为管理F9100-GL-1.0.0 华信数安上网行为管理
如果您现在还希望提交POC,可以参考此处的相关信息进行提交,感谢您的贡献
https://docs.xray.cool/excitation/reward
