CVE-2020-26259 PoC — XStream 操作系统命令注入漏洞

Source

https://github.com/Threekiii/Awesome-POC/blob/master/%E5%BC%80%E5%8F%91%E6%A1%86%E6%9E%B6%E6%BC%8F%E6%B4%9E/XStream%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%88%A0%E9%99%A4%20%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E%20CVE-2020-26259.md

Associated Vulnerability

Title:XStream 操作系统命令注入漏洞 (CVE-2020-26259)
Description:XStream是XStream（Xstream）团队的一个轻量级的、简单易用的开源Java类库，它主要用于将对象序列化成XML（JSON）或反序列化为对象。 XStream 1.1.14版本及之前版本操作系统存在操作系统命令注入漏洞。该漏洞可能允许远程攻击者删除主机上的任意已知文件作为日志。

File Snapshot


 # XStream 任意文件删除 反序列化漏洞 CVE-2020-26259

## 漏洞描述

Xstream 是 Java 类库，用来将对象序列化成 XML (JSON) 或反序列化为对象。XSt

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2020-26259 PoC — XStream 操作系统命令注入漏洞

Source

Associated Vulnerability

File Snapshot

Remarks