CVE-2019-7276 PoC — Optergy Proton/Enterprise 命令注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-7276.yaml

Associated Vulnerability

Title:Optergy Proton/Enterprise 命令注入漏洞 (CVE-2019-7276)
Description:Optergy Proton/Enterprise是美国Optergy公司的一套企业建筑管理系统。 Optergy Proton/Enterprise 2.3.0a及之前版本中存在安全漏洞。攻击者可利用该漏洞直接导航到未被记录的后门脚本，获取全部的系统访问权限，进而以最高权限执行代码。

Description

Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console.

File Snapshot


 id: CVE-2019-7276

info:
  name: Optergy Proton/Enterprise - Unauthenticated RCE via Backdoor Consol

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!