Closed lakemoon602 closed 4 months ago
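If you've already logged in to the router's admin interface, you already have root privileges, so there's not much point dwelling on this issue.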
Problem description

vuln file: https://github.com/messense/aliyundrive-webdav/openwrt/luci-app-aliyundrive-webdav/luasrc/controller/aliyundrive-webdav.lua

Steps to reproduce

When dealing with an `action_query_qrcode` request, the `sid` parameter is vulnerable to OS command injection.

![3](https://github.com/messense/aliyundrive-webdav/assets/55305755/e9c549f2-4a10-4066-a6d9-37241aeb60a2)

Version

2.3.3

Platform

OpenWrt

Logs
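
The class of bug reported above, sketched as an added example that is not the project's code: a request parameter concatenated into a shell command line, next to a form that validates and quotes it first. The function names, the `qr-tool` command and the assumed `sid` format (letters, digits, `-`, `_`) are hypothetical.

```lua
-- Added illustration, not code from aliyundrive-webdav.
-- `qr-tool` and all function names are hypothetical stand-ins.

-- Vulnerable pattern: the request value becomes part of the shell command line.
local function build_query_cmd_unsafe(sid)
  return "qr-tool query --sid " .. sid
end

-- Hardening 1: allowlist the value before it gets near a shell.
-- Assumption: a sid is 1..128 characters of letters, digits, '-' and '_'.
local function is_valid_sid(sid)
  return type(sid) == "string"
    and #sid >= 1 and #sid <= 128
    and sid:match("^[%w_%-]+$") ~= nil
end

-- Hardening 2: POSIX single-quote escaping, so the shell sees one literal word
-- even if the allowlist is later relaxed.
local function shell_quote(s)
  return "'" .. (s:gsub("'", "'\\''")) .. "'"
end

-- Returns the command string, or nil plus an error message.
local function build_query_cmd_safe(sid)
  if not is_valid_sid(sid) then
    return nil, "invalid sid"
  end
  return "qr-tool query --sid " .. shell_quote(sid)
end

-- Constructed sample inputs: one well-formed value, three carrying shell
-- metacharacters, and one empty string.
local samples = { "a1B2-c3_d4", "abc; echo injected", "$(echo injected)", "it's", "" }

for _, sid in ipairs(samples) do
  local cmd, err = build_query_cmd_safe(sid)
  print("sid:    [" .. sid .. "]")
  print("unsafe: " .. build_query_cmd_unsafe(sid))
  print("safe:   " .. (cmd or ("rejected (" .. err .. ")")))
  print("")
end
```

Only the first sample produces a command in the safe path; the others are rejected before any command string is built, while the unsafe builder passes their metacharacters straight through to the shell.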