CVE-2020-17505 PoC — ArticaTech Artica Proxy 操作系统命令注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/workflows/artica-web-proxy-workflow.yaml

Associated Vulnerability

Title:ArticaTech Artica Proxy 操作系统命令注入漏洞 (CVE-2020-17505)
Description:ArticaTech Artica Proxy是法国ArticaTech公司的一款开源的Artica代理解决方案。 Artica Web Proxy 4.30.000000版本中的cyrus.php文件的‘service-cmds’参数存在安全漏洞。远程攻击者可利用该漏洞以root权限执行命令。

Description

A simple workflow that runs all Artica Web Proxy related nuclei templates on a given target.

File Snapshot


 id: artica-web-proxy-workflow

info:
  name: Artica Web Proxy Security Checks
  author: dwisiswant0,

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!