CVE-2016-4437 PoC — Apache Shiro 信息泄露漏洞

Source

https://github.com/m3terpreter/CVE-2016-4437

Associated Vulnerability

Title:Apache Shiro 信息泄露漏洞 (CVE-2016-4437)
Description:Apache Shiro是美国阿帕奇（Apache）软件基金会的一套用于执行认证、授权、加密和会话管理的Java安全框架。 Apache Shiro 1.2.5之前版本中存在安全漏洞。当程序没有为remember功能配置加密密钥时，远程攻击者可借助请求参数利用该漏洞执行任意代码，或绕过既定的访问限制。

Readme

# CVE-2016-4437

File Snapshot


 [4.0K]  /data/pocs/083291dc3c24a3255291d1d5c3a3ad333ed45d1b
└── [  15]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!