CVE-2017-11610 PoC — Supervisor XML-RPC服务器安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2017/CVE-2017-11610.yaml

Associated Vulnerability

Title:Supervisor XML-RPC服务器安全漏洞 (CVE-2017-11610)
Description:Supervisor是一套进程控制系统，用于监视和控制类Unix系统上的进程。XML-RPC server是其中的一个XML-RPC服务器。 Supervisor中的XML-RPC服务器存在安全漏洞。远程攻击者可借助特制的XML-RPC请求利用该漏洞执行任意命令。以下版本受到影响：supervisor 3.0.1之前的版本，3.1.4之前的3.1.x版本，3.2.4之前的3.2.x版本，3.3.3之前的3.3.x版本。

Description

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisor namespace lookups.

File Snapshot


 id: CVE-2017-11610

info:
  name: XML-RPC Server - Remote Code Execution
  author: notnotnotveg
  se

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!