CVE-2019-17570 PoC — Apache XML-RPC 代码问题漏洞

Source

https://github.com/r00t4dm/CVE-2019-17570

Associated Vulnerability

Title:Apache XML-RPC 代码问题漏洞 (CVE-2019-17570)
Description:Apache XML-RPC是美国阿帕奇（Apache）软件基金会的一款XML-RPC（远程过程调用协议）的Java实现。 Apache XML-RPC中的‘org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult’方法存在代码问题漏洞。攻击者可利用该漏洞执行任意代码。

Description

xmlrpc common deserialization vulnerability

Readme

# CVE-2019-17570

本项目是 CVE-2019-17570的概念验证项目（POC）

File Snapshot


 [4.0K]  /data/pocs/86f78e462d1b1a88e6aed02603f3556ad66aed27
├── [  80]  apacheXmlRpc.iml
├── [1.3K]  pom.xml
├── [  75]  README.md
├── [4.0K]  src
│   └── [4.0K]  main
│       └── [4.0K]  java
│           ├── [1.1K]  App.java
│           ├── [4.0K]  org
│           │   └── [4.0K]  apache
│           │       └── [4.0K]  xmlrpc
│           │           ├── [4.0K]  serializer
│           │           │   └── [5.4K]  XmlRpcWriter.java
│           │           ├── [4.0K]  server
│           │           │   ├── [6.8K]  AbstractReflectiveHandlerMapping.java
│           │           │   ├── [1.1K]  Poc.java
│           │           │   └── [ 586]  XmlRpcNoSuchHandlerException.java
│           │           └── [1.5K]  XmlRpcException.java
│           └── [1.8K]  responseTest.java
└── [4.0K]  target
    └── [4.0K]  classes
        ├── [1.5K]  App.class
        ├── [ 623]  evilCalc.class
        ├── [2.5K]  responseTest.class
        └── [1.2K]  User.class

10 directories, 14 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!