Modified Version of CVE-2016-0792

# Exploit for Jenkins serialization vulnerability - CVE-2016-0792
---
[https://www.exploit-db.com/exploits/42394/](https://www.exploit-db.com/exploits/42394/)
#### More information can be found here
1. [Contrast Security](https://www.contrastsecurity.com/security-influencers/serialization-must-die-act-2-xstream)
2. [Pentester Lab](https://www.pentesterlab.com/exercises/cve-2016-0792/)
#### Requirements
1. Python 3.6.x
2. [requests](http://docs.python-requests.org/en/master/) library is required for this exploit to work
`sudo pip install requests`
#### Usage
- [Old way](https://github.com/jpiechowka/jenkins-cve-2016-0792)
- New Way
```bash
python3 exploit.py -u <url> -c <command>
```
```text
usage: exploit.py [-h] [-u U] [-c C]

CVE-2016-0792

optional arguments:
  -h, --help  show this help message and exit
  -u U        url to exploit
  -c C        command to execute
```

#### Disclaimer
Using this software to attack targets without permission is illegal. I am not responsible for any damage caused by using
this software against the law.