Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-21224 PoC — 浪潮 Inspur ClusterEngine 参数注入漏洞

Source
https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/%E6%B5%AA%E6%BD%AEClusterEngineV4.0%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2020-21224.md
Associated Vulnerability
Title:浪潮 Inspur ClusterEngine 参数注入漏洞 (CVE-2020-21224)
Description:浪潮 Inspur ClusterEngine是中国浪潮公司的一个应用软件。提供管理集群系统中软硬件提交的作业。 Inspur ClusterEngine V4.0 存在安全漏洞,远程攻击者可利用该漏洞可以向控制服务器发送恶意登录报文。
File Snapshot

 # 浪潮ClusterEngineV4.0 远程命令执行漏洞 CVE-2020-21224

## 漏洞描述

浪潮服务器群集管理系统存在危险字符未过滤,导致远程命令执行

## 漏洞影响

```


...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.