漏洞描述
搜狗输入法是一款由搜狗公司开发的,基于搜索引擎技术的、特别适合网民使用的、新一代的输入法产品,用户可以通过互联网备份自己的个性化词库和配置信息。攻击者可以通过该漏洞获取系统权限执行任意命令。
搜狗输入法绕过windows登录任意命令执行
PoC代码
暂无相关漏洞推荐
- POC generic-windows-lfi: Generic Windows based LFI Test
- POC automatic-windows-updates-disabled: Automatic Windows Updates Disabled
- POC windows-active-desktop-enabled: Active Desktop Enabled
- POC windows-administrative-shares-enabled: Administrative Shares Enabled
- POC windows-administrator-blank-password: Built-in Administrator Account Has Blank Password
- POC windows-anonymous-sid-enumeration-allowed: Windows Allows Anonymous SID Enumeration
- POC windows-autorun-enabled: AutoRun Enabled
- POC windows-credential-manager-plaintext-passwords-allowed: Credential Manager Allows Storing of Plain Text Passwords
- POC windows-defender-realtime-protection-disabled: Windows Defender Real-Time Protection Disabled
- POC windows-dep-disabled: Data Execution Prevention (DEP) Not Enabled
- POC windows-firewall-disabled: Windows Firewall Disabled
- POC windows-installer-elevated-privileges: Windows Installer Elevated Privileges Enabled
- POC windows-lsa-protection-not-enabled: LSA Protection Not Enabled or Not Configured