CVE-2017-15708 PoC — Apache Synapse 注入漏洞

Source

https://github.com/HuSoul/CVE-2017-15708

Associated Vulnerability

Title:Apache Synapse 注入漏洞 (CVE-2017-15708)
Description:Apache Synapse是美国阿帕奇（Apache）基金会的一款轻量级ESB（企业服务总线）。Apache Commons Collections是其中的一个提供了Java集合框架的库。 Apache Synapse中的Apache Commons Collections 3.2.1(commons-collections-3.2.1.jar)及之前的版本中存在注入漏洞。远程攻击者可通过注入特制的序列化对象利用该漏洞执行代码。以下版本受到影响：Apache Synapse 3.0.0版本，2.1.0版

Description

Apache synapse 反序列化 CVE–2017–15708

Readme

# CVE-2017-15708

![exploit](https://raw.githubusercontent.com/iBearcat/CVE-2017-15708/master/exploit.jpg)

File Snapshot


 [4.0K]  /data/pocs/5ab1a6dd583d178ea36a6d41ee25158a7a4283e6
├── [206K]  exploit.jpg
├── [ 715]  exploit.py
├── [ 696]  exploit.rb
└── [ 107]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!