Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2016-4437 PoC — Apache Shiro 信息泄露漏洞

Source
https://github.com/vulhub/vulhub/blob/master/shiro/CVE-2016-4437/README.md
Associated Vulnerability
Title:Apache Shiro 信息泄露漏洞 (CVE-2016-4437)
Description:Apache Shiro是美国阿帕奇(Apache)软件基金会的一套用于执行认证、授权、加密和会话管理的Java安全框架。 Apache Shiro 1.2.5之前版本中存在安全漏洞。当程序没有为remember功能配置加密密钥时,远程攻击者可借助请求参数利用该漏洞执行任意代码,或绕过既定的访问限制。
File Snapshot

 # Apache Shiro 1.2.4 Deserialization Remote Code Execution (CVE-2016-4437)

[中文版本(Chinese version)](

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.