Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-36380 PoC — Sunhillo SureLine 操作系统命令注入漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-36380.yaml
Associated Vulnerability
Title:Sunhillo SureLine 操作系统命令注入漏洞 (CVE-2021-36380)
Description:Sunhillo SureLine是美国Sunhillo公司的一款监控产品。 Sunhillo SureLine 应用程序存在操作系统命令注入漏洞,该漏洞允许攻击者以 root 权限执行任意命令,通过建立一个交互渠道,有效地控制目标系统。
Description
Sunhillo SureLine <8.7.0.1.1 is vulnerable to OS command injection. The /cgi/networkDiag.cgi script directly incorporated user-controllable parameters within a shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. The following POST request injects a new command that instructs the server to establish a reverse TCP connection to another system, allowing the establishment of an interactive remote shell session.
File Snapshot

 id: CVE-2021-36380

info:
  name: Sunhillo SureLine <8.7.0.1.1 - Unauthenticated OS Command Injectio

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.