admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-07 11:58:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/Web服务器漏洞/Apache Shiro 小于1.2.4反序列化漏洞 CVE-2016-4437.md
Threekiii 9acf184afd 更新漏洞
2022-12-06 17:17:54 +08:00

53 lines
1.3 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Apache Shiro 小于1.2.4反序列化漏洞 CVE-2016-4437
## 漏洞描述
Apache Shiro是一款开源安全框架提供身份验证、授权、密码学和会话管理。Shiro框架直观、易用同时也能提供健壮的安全性。
Apache Shiro 1.2.4及以前版本中加密的用户信息序列化后存储在名为remember-me的Cookie中。攻击者可以使用Shiro的默认密钥伪造用户Cookie触发Java反序列化漏洞进而在目标机器上执行任意命令。
## 漏洞影响
```
Apache Shiro <= 1.2.4
```
## 漏洞环境
```plain
https://github.com/vulhub/vulhub.git
cd vulhub/shiro/CVE-2016-4437
docker-compose up -d
```
访问[**http://xxx.xxx.xxx.xxx:8080/login**](http://xxx.xxx.xxx.xxx:8080/login)正常即可
![1](./images/202202090047041.png)
## 漏洞复现
Shiro已经有比较完善的工具
```plain
https://github.com/insightglacier/Shiro_exploit
https://github.com/feihong-cs/ShiroExploit/releases/tag/v2.51
```
这里使用的是 [ShiroExploit](https://github.com/feihong-cs/ShiroExploit) 工具进行复现
![2](./images/202202090047440.png)
打开后输入url即可
![3](./images/202202090047914.png)
成功反弹shell
![4](./images/202202090048722.png)
## 参考文章
[Shiro RememberMe 1.2.4远程代码执行漏洞-详细分析](https://xz.aliyun.com/t/6493)
Reference in New Issue View Git Blame Copy Permalink