CVE-2020-28185 PoC — Terramaster TOS 权限许可和访问控制问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-28185.yaml

Associated Vulnerability

Title:Terramaster TOS 权限许可和访问控制问题漏洞 (CVE-2020-28185)
Description:Terramaster TOS是中国深圳市图美电子技术（Terramaster）公司的一款基于Linux平台的，专用于erraMaster云存储NAS服务器的操作系统。 TerraMaster TOS 4.2.06版本及之前版本存在安全漏洞，该漏洞允许远程未经身份验证的攻击者可利用该漏洞通过向导initialize .php的用户名参数识别系统内的有效用户。

Description

User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php.

File Snapshot


 id: CVE-2020-28185

info:
  name: TerraMaster TOS < 4.2.06 - User Enumeration
  author: pussycat0x
 

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!