mirror of
https://github.com/gobysec/GobyVuls.git
synced 2025-07-10 00:13:30 +00:00
10 lines
464 B
Markdown
10 lines
464 B
Markdown
# URVE 2020.03.24 RCE (CVE-2020-29552)
|
|
|
|
An issue was discovered in URVE Build 24.03.2020. By using the _internal/pc/vpro.php?mac=0&ip=0&operation=0&usr=0&pass=0;powershell+-c+\" substring, it is possible to execute a Powershell command and redirect its output to a file under the web root.
|
|
|
|
FOFA **query rule**: [body="URVE"](https://fofa.so/result?qbase64=Ym9keT0iVVJWRSI%3D)
|
|
|
|
# Demo
|
|
|
|
|