Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-8654 PoC — EyesOfNetwork AutoDiscovery模块操作系统命令注入漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-8654.yaml
Associated Vulnerability
Title:EyesOfNetwork AutoDiscovery模块操作系统命令注入漏洞 (CVE-2020-8654)
Description:EyesOfNetwork(EON)是一套开源的、免费的IT监控解决方案。该方案提供业务流程配置工具、在活动队列中发生事件时生成弹出窗口等功能。 EyesOfNetwork 5.3版本中的AutoDiscovery模块存在操作系统命令注入漏洞。攻击者可借助‘target’参数利用该漏洞运行任意操作系统命令。
Description
EyesOfNetwork 5.1 to 5.3 contains SQL injection and remote code execution vulnerabilities. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. See also CVE-2020-8655, CVE-2020-8656, CVE-2020-8657, and CVE-2020-9465.
File Snapshot

 id: CVE-2020-8654

info:
  name: EyesOfNetwork 5.1-5.3 - SQL Injection/Remote Code Execution
  autho

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.