CVE-2023-5074 PoC — D-Link D-View 8 信任管理问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-5074.yaml

Associated Vulnerability

Title:D-Link D-View 8 信任管理问题漏洞 (CVE-2023-5074)
Description:D-Link D-View是中国友讯（D-Link）公司的一款基于 Web 设计的网络设备管理软件。 D-Link D-View 8 v2.0.1.28版本存在安全漏洞，该漏洞源于使用了静态密钥来保护JWT令牌，导致存在身份验证绕过漏洞。

Description

Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28

File Snapshot


 id: CVE-2023-5074

info:
  name: D-Link D-View 8 v2.0.1.28 - Authentication Bypass
  author: Dhiyane

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!