Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2016-4437 PoC — Apache Shiro 信息泄露漏洞

Source
https://github.com/pizza-power/CVE-2016-4437
Associated Vulnerability
Title:Apache Shiro 信息泄露漏洞 (CVE-2016-4437)
Description:Apache Shiro是美国阿帕奇(Apache)软件基金会的一套用于执行认证、授权、加密和会话管理的Java安全框架。 Apache Shiro 1.2.5之前版本中存在安全漏洞。当程序没有为remember功能配置加密密钥时,远程攻击者可借助请求参数利用该漏洞执行任意代码,或绕过既定的访问限制。
Description
Python POC to Exploit CVE-2016-4437 Apache Shiro Deserialization Vulnerability Due to Hardcode Encryption Key
Readme
# CVE-2016-4437
Python POC to Exploit CVE-2016-4437 Apache Shiro Deserialization Vulnerability Due to Hardcoded Encryption Key

Example Usage: 

`./CVE-2016-4437.py -c nslookup -u https://example.com/ -i ecsepnkqtxlishpynfdge01543e4vmx7v.oast.fun`

See comments and the code for more information.
File Snapshot

 [4.0K]  /data/pocs/5886220df6805537b19ca83555ad5c6fe3d6a598
├── [4.9K]  CVE-2016-4437.py
└── [ 298]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.