CVE-2017-9554 PoC — Synology DiskStation Manager 信息泄露漏洞

Source

https://github.com/Ez0-yf/CVE-2017-9554-Exploit-Tool

Associated Vulnerability

Title:Synology DiskStation Manager 信息泄露漏洞 (CVE-2017-9554)
Description:Synology DiskStation Manager（DSM）是群晖科技（Synology）公司的一套用于网络储存服务器（NAS）上的操作系统。该操作系统可管理资料、文件、照片、音乐等信息。 Synology DSM 6.1.3-15152之前的版本中的forget_passwd.cgi文件存在信息泄露漏洞。远程攻击者可利用该漏洞枚举有效用户名。

Description

CVE-2017-9554 Exploit Tool

Readme

# CVE-2017-9554-Exploit-Tool
CVE-2017-9554 Exploit Tool

Synology DiskStation Manager (DSM) < 6.1.3-15152 - 'forget_passwd.cgi' User Enumeration EXPLOIT Tool  
Exploit Author : Steve Kaun  
Exploit Tool Author : Ez0-yf  
Vendor Homepage : https://www.synology.com  
Version : Before 6.1.3-15152  
CVE : CVE-2017-9554

File Snapshot


 [4.0K]  /data/pocs/ae0f2ff16fc990ac9b484068c4b1d6042e2838db
├── [ 319]  README.md
├── [  20]  ref2.txt
├── [  57]  ref.txt
├── [1.6K]  request.py
├── [  20]  text.txt
├── [   1]  win.txt
├── [  39]  wordlist1.txt
└── [813K]  wordlist2.txt

0 directories, 8 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!