Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-8515 PoC — Draytek Vigor2960和Vigor300B 操作系统命令注入漏洞

Source
https://github.com/chaitin/xray-plugins/blob/main/poc/manual/draytek-cve-2020-8515.yml
Associated Vulnerability
Title:Draytek Vigor2960和Vigor300B 操作系统命令注入漏洞 (CVE-2020-8515)
Description:Draytek Vigor2960和Vigor300B都是中国台湾居易科技(Draytek)公司的产品。Vigor2960是一款负载平衡路由器和VPN网关设备。Vigor300B是一款负载均衡路由器。 DrayTek Vigor2960、Vigor3900和Vigor300B中存在操作系统命令注入漏洞。攻击者可通过向cgi-bin/mainfunction.cgi URI发送shell元字符利用该漏洞不经过身份验证以root权限执行代码。以下产品及版本受到影响:DrayTek Vigor2960 1.3.
File Snapshot

 name: poc-yaml-draytek-cve-2020-8515
manual: true
transport: http
rules:
    r0:
        request:
  

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.