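Related vulnerability
Title:
Teclib GLPI trust management vulnerability
(CVE-2020-5248)
Description: Teclib GLPI is an open-source IT asset management suite from the French company Teclib. It includes device status management, asset inventory storage, process management and work-log management. Teclib GLPI versions before 9.4.6 contain a trust management vulnerability. The vulnerability stems from the lack of an effective trust management mechanism in the network system or product. An attacker can use default passwords, hard-coded passwords, hard-coded certificates and the like to attack affected components.
Description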
Proof of Concept (PoC) for CVE-2020-5248.
Introduction
## CVE-2020-5248
Proof of Concept (PoC) for CVE-2020-5248.
## Summary
GLPI before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI, but on existing instances the data must be re-encrypted with the new key. The problem is that we cannot know which columns or rows in the database use it, especially those from plugins. Changing the key without updating the data would result in bad passwords being sent from GLPI, but storing them again from the UI will work.
## PoC:
In https://github.com/indevi0us/CVE-2020-5248/blob/main/decrypt_any.php, replace the "INSERT_COIN" string with the one that you would like to decrypt.
## References:
* https://github.com/glpi-project/glpi/security/advisories/GHSA-j222-j9mf-h6j9
* https://github.com/glpi-project/glpi/commit/efd14468c92c4da43333aa9735e65fd20cbc7c6c
* https://offsec.almond.consulting/multiple-vulnerabilities-in-glpi.html
File snapshot
[4.0K] /data/pocs/2c3a74111052eff3cd54c88b886f8325ca370c5b
├── [ 391] decrypt_any.php
└── [1.0K] README.md
0 directories, 2 files