mirror of
https://github.com/gobysec/GobyVuls.git
synced 2025-05-05 18:27:13 +00:00
URVE 2020.03.24 RCE (CVE-2020-29552)
An issue was discovered in URVE Build 24.03.2020. By using the _internal/pc/vpro.php?mac=0&ip=0&operation=0&usr=0&pass=0;powershell+-c+" substring, it is possible to execute a Powershell command and redirect its output to a file under the web root.
FOFA query rule: body="URVE"
Demo
