漏洞平台

POC详情： c95e6cea78ead97a050dd61cac45776ff98b5a2d

来源

https://github.com/j4k0m/CVE-2018-0114

关联漏洞

标题： Cisco node-jose open source library 数据伪造问题漏洞 (CVE-2018-0114)
描述：Cisco node-jose open source library是美国思科（Cisco）公司的一个基于Web浏览器和node.js的服务器的JSON对象签名和加密的开源库。 Cisco node-jose open source library 0.11.0之前的版本中存在安全漏洞，该漏洞源于node-jose使用了JSON Web Signature (JWS)标准。远程攻击者可通过移除原签名伪造有效的JWS对象利用该漏洞重新签名令牌。

描述

Exploitation of a vulnerability in Cisco's node-jose, a JavaScript library created to manage JWT.

介绍

# CVE-2018-0114
Exploitation of a vulnerability in Cisco's node-jose, a JavaScript library created to manage JWT.

This vulnerability in Cisco's node-jose allows an attacker to forge malicious tokens.

JWT allows users to embed public keys (using the jwk value) inside the header of the token. However, the application should never trust those keys as an attacker can provide his own key and sign the message using the corresponding private key.

# Review
This issue impacts version prior to 0.11.

If we look at the changes introduced to fix this issue https://github.com/cisco/node-jose/commit/959a61d707ed2c8cf6582139a5605119283e4acb, one file is particularly interesting `(test/fixtures/jws.embedded_jwk.json)`:
```json
 "signing": {
    "protected": {
      "alg": "PS256",
      "jwk": {
        "kty": "RSA",
        "kid": "bilbo.baggins@hobbiton.example",
        "use": "sig",
        "n": "n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqVwGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuCLqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5gHdrNP5zw",
        "e": "AQAB"
      }
    },
    "protected_b64u": "eyJhbGciOiJQUzI1NiIsImp3ayI6eyJrdHkiOiJSU0EiLCJraWQiOiJiaWxiby5iYWdnaW5zQGhvYmJpdG9uLmV4YW1wbGUiLCJ1c2UiOiJzaWciLCJuIjoibjRFUHRBT0NjOUFsa2VRSFB6SFN0Z0FiZ3M3YlRaTHdVQlpkUjhfS3VLUEVITGQ0ckhWVGVULU8tWFYyalJvamROaHhKV1REdk5kN25xUTBWRWlaUUh6X0FKbVNDcE1hSk1SQlNGS3JLYjJ3cVZ3R1VfTnNZT1lMLVF0aVdOMmxiemNFZTZYQzBkQXByNXlkUUxySHFrSEhpZzNSQm9yZGFaNkFqLW9CSHFGRUhZcFBlN1RwZS1PZlZmSGQxRTZjUzZNMUZaY0QxTk5MWUQ1bEZIcFBJOWJUd0psc2RlM3VoR3FDMFpDdUVIZzhsaHp3T0hydElRYlMwRlZiYjlrMy10VlRVNGZnXzNMX3ZuaVVGQUt3dUNMcUtuUzJCWXdkcV9telNuYkxZN2hfcWl4b1I3amlnM19fa1JodWF4d1VrUno1aWFpUWtxZ2M1Z0hkck5QNXp3IiwiZSI6IkFRQUIifX0",
    "sig-input": "eyJhbGciOiJQUzI1NiIsImp3ayI6eyJrdHkiOiJSU0EiLCJraWQiOiJiaWxiby5iYWdnaW5zQGhvYmJpdG9uLmV4YW1wbGUiLCJ1c2UiOiJzaWciLCJuIjoibjRFUHRBT0NjOUFsa2VRSFB6SFN0Z0FiZ3M3YlRaTHdVQlpkUjhfS3VLUEVITGQ0ckhWVGVULU8tWFYyalJvamROaHhKV1REdk5kN25xUTBWRWlaUUh6X0FKbVNDcE1hSk1SQlNGS3JLYjJ3cVZ3R1VfTnNZT1lMLVF0aVdOMmxiemNFZTZYQzBkQXByNXlkUUxySHFrSEhpZzNSQm9yZGFaNkFqLW9CSHFGRUhZcFBlN1RwZS1PZlZmSGQxRTZjUzZNMUZaY0QxTk5MWUQ1bEZIcFBJOWJUd0psc2RlM3VoR3FDMFpDdUVIZzhsaHp3T0hydElRYlMwRlZiYjlrMy10VlRVNGZnXzNMX3ZuaVVGQUt3dUNMcUtuUzJCWXdkcV9telNuYkxZN2hfcWl4b1I3amlnM19fa1JodWF4d1VrUno1aWFpUWtxZ2M1Z0hkck5QNXp3IiwiZSI6IkFRQUIifX0.SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4",
    "sig": "XslzHQKM0UogsxugMxj0vmFhNijnmCksPyQ0x8SQ5xC9rEg4_3n_22bdJkM6CQWiTSDUuBCgXo3eqb6GhoPnYgnlGouDy0dIeaihl5Nr85uncW29I39OEZel8UtVGTfOxwssibymheBjKVp0_umkQANicz2_JTLGJQ42BgDVq6L2ZyrqIu7onr9B1XC-O9uzN2xoDfRwK7jCJjH1TPH09W9Pi1iLiXuf7liKH5dBDFzfjCqS4p3PQ6KtdT_gMTOg35PErxFfoi_53cr4l-rUv5ZkdcmIadGjMHDBVpfKSHhkZRVrvR0q6Go6TyvzL5l_hONYKKn09pkhFDjN9JvZeQ"
```
Especially the value `sig-input`, which, once decoded, give us the following data:
```json
{
  "alg":"PS256",
  "jwk":  {
          "kty":"RSA",
          "kid":"bilbo.baggins@hobbiton.example",
          "use":"sig",
          "n":"n4EPtAOCc9Alke...........rNP5zw",
          "e":"AQAB"
          }
}
```
This is the format we will need to follow to get the right header for our payload to work.

# Exploitation
- Create a private RSA key using `openssl`.
- Extract `n` and `e` from the public composent of the private key you just created.
- Sign your payload using the same private key.
- You need to change the `n` and `e` values in your payload to make sure they match the private key you're using.
- You need to create the right payload for the body of your token.
- You need to make sure the algorithm `alg` is the one you're using to sign. Most likely you will need to change the value to `RS256`.

## Example:
- https://github.com/zi0Black/POC-CVE-2018-0114/blob/master/jwk-node-jose.py

# Resources:
- https://nvd.nist.gov/vuln/detail/CVE-2018-0114
- https://blog.pentesteracademy.com/hacking-jwt-tokens-jws-standard-for-jwt-666810809323

文件快照


 [4.0K]  /data/pocs/c95e6cea78ead97a050dd61cac45776ff98b5a2d
└── [4.2K]  README.md

0 directories, 1 file

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。