CVE-2020-9425 PoC — rConfig Security Vulnerability

Source
Associated Vulnerability
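Title: rConfig Security Vulnerability (CVE-2020-9425)
Description: rConfig is an open-source network configuration management utility. The includes/head.inc.php file in rConfig versions before 3.9.4 contains a security vulnerability. An attacker can exploit it by sending a GET request to settings.php to retrieve stored credentials in cleartext.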
Description
rConfig prior to version 3.9.4 is susceptible to sensitive information disclosure. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application does not exit after a redirect is applied, the rest of the page still executes, resulting in the disclosure of cleartext credentials in the response.
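The missing exit after a redirect described above can be caught in code review. The following is an added example, not code from this page or from rConfig: a line-based check that flags PHP `header("Location: ...")` calls not followed by `exit`, `die` or `return`. The PHP samples are constructed for illustration, and `render_settings()` is a hypothetical function.

```python
import re

# A PHP header() call that sets a Location redirect.
REDIRECT = re.compile(r"""\bheader\s*\(\s*['"]\s*Location\s*:""", re.I)
# Statements that stop the current script or function.
TERMINATOR = re.compile(r"^\s*(exit|die|return)\b", re.I)
# Lines with no executable statement: blank, comment, closing PHP tag.
SKIP = re.compile(r"^\s*($|//|#|/\*|\*|\?>)")

def find_unterminated_redirects(php_source):
    """Return 1-based line numbers of redirects not followed by exit/die/return."""
    lines = php_source.splitlines()
    findings = []
    for idx, line in enumerate(lines):
        match = REDIRECT.search(line)
        if SKIP.match(line) or not match:
            continue
        # The terminator may share the line: header(...); exit;
        if re.search(r";\s*(exit|die|return)\b", line[match.end():], re.I):
            continue
        # Otherwise the next executable line must be the terminator.
        following = next((l for l in lines[idx + 1:] if not SKIP.match(l)), "")
        if not TERMINATOR.match(following):
            findings.append(idx + 1)
    return findings

# Constructed samples (not rConfig source): the same session check without
# and with exit() after the redirect. render_settings() is hypothetical.
VULNERABLE = """<?php
session_start();
if (!isset($_SESSION['username'])) {
    header("Location: /login.php");
}
echo render_settings();  // still runs and is sent in the redirect body
"""
HARDENED = VULNERABLE.replace('.php");\n', '.php");\n    exit();\n')

if __name__ == "__main__":
    print("vulnerable:", find_unterminated_redirects(VULNERABLE))
    print("hardened:  ", find_unterminated_redirects(HARDENED))
```

This is a heuristic over source lines, not a PHP parser, so findings are pointers for manual review.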
File Snapshot

id: CVE-2020-9425
info:
  name: rConfig <3.9.4 - Sensitive Information Disclosure
  author: madrobo
  ...