yuebusao/AJ-REPORT-EXPLOIT

AJ-REPORT-EXPLOIT

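An exploitation tool for the AJ-REPORT unauthenticated remote command execution vulnerability CNVD-2024-15077. It extends the original version with a new authentication bypass and a new remote command execution method, and can bypass the latest fix.

Analysis

See AJ-REPORT远程命令执行.md

Usage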

pip install -r requirements.txt
python exp.py -u attack_url -b bypass1 -m detect

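Notes

Click Log in and inspect the request URL to determine the backend endpoint. For example, if entering a username and password and clicking Log in shows that the endpoint is http://x.x.x.x/squirt1e/accessUser/login, then the detection command is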

python exp.py -u http://x.x.x.x/squirt1e/ -b bypass1 -m detect
