Key Vulnerability Information

Product: Sangfor (深信服)
Product Name: Operation and Maintenance Management System (OSM / 运维安全管理系统)
Affected Version: 3.0.8 (and potentially earlier versions)
Vulnerability Type: Unrestricted Upload of File with Dangerous Type

Description:
A critical arbitrary file upload vulnerability exists in Sangfor OSM version 3.0.8. The vulnerability is located in the endpoint. A remote, unauthenticated attacker can upload a malicious file (such as a web shell) by sending a crafted HTTP POST request. Once uploaded, the file is stored in the web root and can be executed directly via a web browser, leading to remote command execution (RCE) with the privileges of the web server.

Vulnerability Details & Root Cause:
1. Improper Access Control: The application fails to enforce authentication checks for the script.
2. Lack of Input Validation: The script processes requests without validating file extensions.
3. Execution: The uploaded file is saved in an executable directory.

Proof of Concept (PoC):
Target URL:
Upload a malicious file and access it via the browser.

Remediation:
1. Implement Authentication: Enforce access control on the directory.
2. File Validation: Implement a whitelist for file uploads.
3. Disable Execution: Configure the web server to disable script execution in the upload directory.
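The three remediation points above, as one hardened upload handler. This is an added example written for this advisory, not Sangfor code and not the vulnerable script itself; the function names, the whitelist of permitted types, the magic-byte table and the storage path /var/lib/osm-uploads are assumptions chosen for illustration. It checks authentication before anything else (point 1), accepts only whitelisted extensions and rejects double extensions and path components (point 2), and stores files under a server-chosen random name in a directory that sits outside the web root and is never mapped by the web server, so nothing in it can be executed (point 3).

```python
"""Hardened upload handling illustrating the advisory's remediation points.

Added example, not Sangfor code. Endpoint names, storage paths and the
allowed-type table are assumptions made for illustration.
"""
import os
import secrets
from pathlib import Path, PurePosixPath

# Remediation 2: whitelist of permitted extensions (constructed for this example).
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "pdf", "txt", "csv"}

# Magic-byte prefixes for types with a stable signature, so the declared
# extension can be cross-checked against the actual content.
MAGIC_PREFIXES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}

# Remediation 3: storage root outside the web root (assumed path). Files here
# are never executable because the web server never serves this directory;
# downloads go through an application handler instead.
UPLOAD_ROOT = PurePosixPath("/var/lib/osm-uploads")

MAX_UPLOAD_BYTES = 10 * 1024 * 1024


class UploadRejected(ValueError):
    """Raised when an upload fails a validation step."""


def validate_upload(filename: str, data: bytes, authenticated: bool) -> str:
    """Validate an upload and return its normalized extension, or raise.

    Remediation 1: the authentication check comes first, so an
    unauthenticated caller learns nothing about which names are accepted.
    """
    if not authenticated:
        raise UploadRejected("authentication required")
    if len(data) > MAX_UPLOAD_BYTES:
        raise UploadRejected("file too large")

    # Drop any directory component so "../../www/x.png" cannot escape the root.
    base = os.path.basename(filename.replace("\\", "/")).strip()
    if base in ("", ".", "..") or "\x00" in base:
        raise UploadRejected("invalid filename")

    # Every dotted part after the first must be whitelisted, which rejects
    # double extensions such as "report.php.png" as well as "shell.php".
    parts = base.lower().split(".")
    if len(parts) < 2:
        raise UploadRejected("missing extension")
    for ext in parts[1:]:
        if ext not in ALLOWED_EXTENSIONS:
            raise UploadRejected(f"extension not in whitelist: {ext!r}")
    ext = parts[-1]

    # Cross-check the declared type against the content where a signature exists.
    prefixes = MAGIC_PREFIXES.get(ext)
    if prefixes and not data.startswith(prefixes):
        raise UploadRejected("content does not match declared type")
    return ext


def storage_path(ext: str, root: PurePosixPath = UPLOAD_ROOT) -> PurePosixPath:
    """Server-chosen random name: the client never controls the stored name."""
    return root / f"{secrets.token_hex(16)}.{ext}"


def handle_upload(filename: str, data: bytes, authenticated: bool,
                  root: PurePosixPath = UPLOAD_ROOT, write: bool = True) -> str:
    """Validate and (optionally) persist an upload; returns the stored path."""
    ext = validate_upload(filename, data, authenticated)
    target = storage_path(ext, root)
    if write:
        Path(root).mkdir(parents=True, exist_ok=True)
        # Create-only open (O_EXCL) with mode 0640: no execute bit, no overwrite.
        fd = os.open(str(target), os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
    return str(target)


if __name__ == "__main__":
    # Constructed sample inputs.
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    print("stored at", handle_upload("photo.png", png, authenticated=True, write=False))
    for name, payload, auth in [
        ("photo.png", png, False),                  # unauthenticated
        ("shell.php", b"<?php /* ... */ ?>", True),  # extension not whitelisted
        ("shell.php.png", png, True),               # double extension
        ("fake.png", b"<?php /* ... */ ?>", True),   # content does not match type
    ]:
        try:
            handle_upload(name, payload, auth, write=False)
        except UploadRejected as exc:
            print(f"rejected {name!r}: {exc}")
```

The handler alone covers points 1 and 2; point 3 is a deployment property, and keeping the upload root outside the document root (as UPLOAD_ROOT does here) is the simplest way to guarantee that no web server mapping can ever hand an uploaded file to a script interpreter.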