Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-42392 PoC — H2database代码问题漏洞

Source
https://github.com/Threekiii/Awesome-POC/blob/master/%E6%95%B0%E6%8D%AE%E5%BA%93%E6%BC%8F%E6%B4%9E/H2%20Database%20Web%20Console%20%E6%9C%AA%E6%8E%88%E6%9D%83%20JNDI%20%E6%B3%A8%E5%85%A5%20RCE%20%E6%BC%8F%E6%B4%9E%20CVE-2021-42392.md
Associated Vulnerability
Title:H2database代码问题漏洞 (CVE-2021-42392)
Description:H2database是一个用 Java 编写的可嵌入 Rdbms。 H2database 存在安全漏洞,该漏洞源于H2数据库的getConnection方法以驱动的类名和数据库的URL作为参数。攻击者可利用该漏洞传递JNDI驱动程序名称和指向LDAP或RMI服务器的URL,从而导致远程代码执行。
File Snapshot

 # H2 Database Web Console 未授权 JNDI 注入 RCE 漏洞 CVE-2021-42392

## 漏洞描述

H2 Database 是一个快速、开源的基于 Java 的

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.