CVE-2022-26671 PoC — Taiwan Secom Dr.ID Access control trust management issue vulnerability

Source
Associated Vulnerability
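Title: Taiwan Secom Dr.ID Access control trust management issue vulnerability (CVE-2022-26671)
Description: Taiwan Secom Dr.ID Access control is an access control system from Taiwan Secom, a company in Taiwan, China. The Taiwan Secom Dr.ID Access control system has a security vulnerability that stems from a hard-coded credential in the source code of the login page. An unauthenticated remote attacker can use the hard-coded credential to obtain partial system information and modify system settings, causing partial service disruption.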
Readme
If you got here, you know why this repo needed to be created.

CVE-2022-26671

GET /AT/ATDefault.aspx

Line 430 contains the cleartext credential.

secom | supervisor

In regard to responsible disclosure, not disclosing a hardcoded cleartext HTTP body response is silly when it's the login page.

https://nvd.nist.gov/vuln/detail/CVE-2022-26671