Is a wake up, deeply convinced EDR and oday 😂, distressed a second 😂
Source code has been downloaded by most people, it is estimated that the overnight audit of a wave, the official website will stop downloading the link
Brief introduction:
EDR Profile (official) :
Terminal Detection and Response Platform (EDR) is a set of terminal security solutions provided by Deep Trust Company. The solution consists of lightweight endpoint security software (Agent) and management platform (MGR).
The management platform of EDR supports unified terminal asset management, terminal virus detection and killing, terminal compliance check, unified management of micro-isolated access control policies, one-click isolation and disposal of security events, and whole-network threat location of hot events of IOC.
Endpoint software supports antivirus, intrusion prevention, firewall isolation, data information collection and reporting, and one-click processing. EDR products also support linkage and coordinated response with AC, SIP, AF, SOC and X-Central products to form a new generation of security protection system.
Impact range: EDR <= v3.2.19
Content: the user behind any fill out ok on https://127.0.0.1:443/ui/login.php? user=adminCopy the codeVulnerability recurrence:
XX, XX, XX, XX: 443 / UI/login. Ph…
You can directly log in to the management page:
You have administrator rights to access the system.
Simply write a batch validation script: test several fOFA, now the first few pages are probably fixed
Successful output to edr.txt
Reference links:
Blog.csdn.net/God\_XiangY…
Disclaimer: This site provides safety tools, procedures (methods) may be offensive, only for safety research and teaching, risk!
Subscribe for more revisited articles and study notes
thelostworld
Safe road, side by side with you !!!!
Personal knowledge: www.zhihu.com/people/fu-w…
Brief personal book: www.jianshu.com/u/bf0e38a8d…
Personal CSDN: blog.csdn.net/qq\_3760279…