CVE-2023-33243 PoC — STARFACE 安全漏洞

Source

https://github.com/RedTeamPentesting/CVE-2023-33243

Associated Vulnerability

Title:STARFACE 安全漏洞 (CVE-2023-33243)
Description:STARFACE是STARFACE公司的一个用于数字通信的 IP 电话系统。 STARFACE 7.3.0.10及之前版本存在安全漏洞，该漏洞源于允许使用密码哈希进行身份验证。

Description

PoC for login with password hash in STARFACE

Readme

# Proof of Concept for Login with Password Hash in STARFACE (CVE-2023-33243)

Details are described in our
[advisory](https://www.redteam-pentesting.de/advisories/rt-sa-2022-004).

In the corresponding [blog
post](https://blog.redteam-pentesting.de/2023/storing-passwords/) the
vulnerability CVE-2023-33243 is used as an example to describe how we generally
approach the analysis of authentication mechanisms and identify misconceptions
we encounter during our pentest engagements.

## Dependencies

Install Python libraries [requests](https://github.com/psf/requests) and
[click](https://github.com/pallets/click).

## Usage

```
python3 login.py --url [URL] --login [Login ID] --pwhash [SHA512 Password Hash]
```

File Snapshot


 [4.0K]  /data/pocs/f97c0e7d077117eb7371f72ebcc3c909ec6a1db7
├── [1.0K]  LICENSE
├── [3.0K]  login.py
└── [ 716]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!