Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-16621 PoC — Sonatype Nexus Repository Manager 代码注入漏洞

Source
https://github.com/Loucy1231/Nexus-Repository-Manager3-EL-CVE-2018-16621-https-www.cve.org-CVERecord-id-CVE-2018-16621-
Associated Vulnerability
Title:Sonatype Nexus Repository Manager 代码注入漏洞 (CVE-2018-16621)
Description:Sonatype Nexus Repository Manager(又名NXRM)是一款maven仓库管理器。 Sonatype NXRM 3.14之前版本中存在安全漏洞。攻击者可利用该漏洞在服务器上执行代码。
Readme
### 本脚本针对Nexus Repository Manager3 EL注入([CVE-2018-16621](https://www.cve.org/CVERecord?id=CVE-2018-16621))漏洞,一键执行漏洞利用反弹shell

#### 运行示例:

<img src="pic/nexus运行自动化脚本.png" alt="nexus运行自动化脚本" style="zoom:25%;" />

在攻击机本地运行脚本,根据提示输入靶机ip、端口、本机监听ip、端口,之后即可一键执行漏洞利用代码,GET反弹Shell。
File Snapshot

 [4.0K]  /data/pocs/f71b0b93f291e237905fde37b93fcd40bc03983a
├── [4.6K]  nexus_poc.py
├── [4.0K]  pic
│   └── [ 69K]  nexus运行自动化脚本.png
└── [ 452]  README.md

1 directory, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.