admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-08 12:25:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/网络设备漏洞/佑友防火墙 后台命令执行漏洞.md
Threekiii e9e1a4597a init
2022-02-20 17:08:56 +08:00

35 lines
586 B
Markdown
Raw Blame History

# 佑友防火墙 后台命令执行漏洞
## 漏洞描述
佑友防火墙 后台维护工具存在命令执行,由于没有过滤危险字符,导致可以执行任意命令
## 漏洞影响
```
佑友防火墙
```
## FOFA
```
title="佑友防火墙"
```
## 漏洞复现
登录页面如下
![1](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202201528474.png)
默认账号密码为
```plain
User: admin
Pass: hicomadmin
```
登录后台 **系统管理 --> 维护工具 --> Ping**
![2](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202201528313.png)
Reference in New Issue View Git Blame Copy Permalink